The Jerich Show Podcast
178 episodes — Page 4 of 4
Ep 28: The Jerich Show Episode 28 - That Time Mark Shawa (Afri-CAN) Joined Us
In this show, Javvad and Erich welcome the incredibly entertaining guest, Mark Shawa. Mark discusses ways to improve security culture, why it's so important, and gives suggestions for reading materials and people to follow in the industry. Erich and Javvad also discuss how stress is impacting employees, the spike in phishing as we get close to Black Friday and a really interesting and scary new attack using browser notifications. Join us and subscribe for the latest in cybersecurity news delivered every week and check out the podcast version at https://thejerichshow.podbean.com/. Links from the show: Mark Shawa - https://markshawa.com/ Stressed Employees: https://www.securitymagazine.com/articles/93921-stressed-employees-behind-4-in-10-data-breaches Browser Notification Attacks: https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/ Phishing and Black Friday: https://www.itpro.co.uk/security/357796/sharp-spike-in-phishing-attacks-in-the-weeks-ahead-of-black-friday Books Mark Recommended: Animal Farm - George Orwell: https://www.amazon.com/Animal-Farm-George-Orwell/dp/0451526341/ Start With Why - Simon Sinek: https://www.amazon.com/Start-Why-Leaders-Inspire-Everyone/dp/1591846447/ The Art of Deception - Kevin Mitnick: https://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X/ The Subtle Art of Not Giving a F*ck - Mark Manson: https://www.amazon.com/Subtle-Art-Not-Giving-Counterintuitive/dp/0062457713/ Transformational Security Awareness - Perry Carpenter: https://www.amazon.com/Transformational-Security-Awareness-Neuroscientists-Storytellers/dp/1119566347/ Mark's Notable Thought Leaders: Theo Baloyi - CEO of Bathu Shoes: https://www.linkedin.com/in/theo-baloyi-07b6891a3/ Sylvester Chauke - Founder of DNA Brand Architects: https://www.linkedin.com/in/sylvester-chauke-385a3216/ David and Madeline McQueen - Founder of Madeline McQueen & Founder of David McQueen: https://www.madelinemcqueen.com/ and https://www.davidmcqueen.co.uk/ Anna Collard - KnowBe4 SVP - Founder of Popcorn Training: https://www.linkedin.com/in/anna-collard-606817/ Lisa Ventura - Founder UK Cyber Security Association: https://lisaventura.co.uk/
Ep 27: The Jerich Show Episode 27 - Kids Games and Breaches plus Microsoft Says To Ditch SMS MFA
After a week off following a traffic accident, Erich and Javvad discuss another data breach around a kids' game and the Microsoft advisory to move away from SMS Multi-Factor Authentication. Links from the show: Hacking Multifactor Authentication: https://amzn.to/2K2RMba Hackers Steal 46 Million Records from Kids’ Game Developer: https://www.infosecurity-magazine.com/news/hackers-steal-46-million-records/ The Animal Jam data breach notification: https://www.animaljam.com/en/2020databreach The difference between two-factor and two-step authentication: https://paul.reviews/the-difference-between-two-factor-and-two-step-authentication/ Microsoft urges users to stop using phone-based multi-factor authentication: https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/
Ep 26: The Jerich Show Episode 26 - More Low Blows from the Ransomware Gangs
In this episode Javvad and Erich take a look at the new low that the Ryuk ransomware gang is sinking to, that is targeting hospitals and medical clinics. They also discuss the incredible amount of money being made in the ransomware game, with one group claiming to have made over $100 million. On the other side of that coin, a ransomware gang donated $10k to charity. Why? Who really knows? Maybe guilt, maybe a PR move, maybe just a way to get mentioned on the show. Finally, to wrap up their ransom demanding trend today, they discuss a group that breached a Finnish psychotherapy clinic and then blackmailed the patients. All of this and more in this week's show. Links from the show: https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/ https://krebsonsecurity.com/2020/10/fbi-dhs-hhs-warn-of-imminent-credible-ransomware-threat-against-u-s-hospitals/ https://www.bleepingcomputer.com/news/security/revil-ransomware-gang-claims-over-100-million-profit-in-a-year/ https://www.theregister.com/2020/10/26/finland_psychotherapy_clinic_ransom_attack/
Ep 25: The Jerich Show Episode 25 - Direct Threats Against Voters and Fun with Zero-Days
In this episode Erich and Javvad discuss the threatening emails sent to some US voters that are registered Democrats, apparently from none other than Iran. Do they help a certain party or are they just designed to create division? In addition, there is a new 0-day vulnerability for Chrome that is being exploited in the wild. Javvad and Erich discuss the issues related to patching and when 0-days are important, and when they aren't. All this, plus Javvad gets confused while trying to accomplish the simple task of announcing the podcast version of The Jerich Show and the new Twitter account. This is what happens when he mutes Erich. Emailed Threats to Voters: https://www.npr.org/2020/10/21/926445682/u-s-blames-iran-for-threatening-election-emails-says-russia-may-interfere-too The Chrome 0-Day: https://thehackernews.com/2020/10/chrome-zeroday-attacks.html The new Jerich Show Podcast: On Apple: https://podcasts.apple.com/us/podcast/the-jerich-show-podcast/id1536420750 On Podbean: https://thejerichshow.podbean.com/# The Jerich Show Twitter handle: @TheJerichShow
Ep 24: The Jerich Show Episode 24 - Burnout, Barnes & Noble and Bad Ads
In this episode Javvad and Erich discuss pandemic burnout, the Barnes & Noble breach and the trouble with advertising and accidental outrage. If you like this episode, subscribe for more weekly insights.
Ep 23: The Jerich Show Episode 23 - It's NCSAM and About Time We Had Another Sponsor
In this episode, Erich and Javvad are joined by Thom Langford from (TL)2 Security, who somehow got us to refer to him as a sponsor. I think Javvad is taking bribes now. The important and valuable parts of this episode are our chats about National CyberSecurity Awareness Month (NCSAM) and ways to make your programs work well and about MFA. Thom and Erich offer great advice while Javvad just nods his head.
Ep 22: The Jerich Show Episode 22 - How Far Is Too Far And How To Take Out A Village On A Budget
In this episode our heroes discuss a simulated phishing attack that went a little too far and the dangers involved, plus they discuss how an unsuspecting person took out the internet in their village every morning at 7am... for a year and a half. Stories: Tribune Publishing apologizes for fake bonus offer in phishing-simulation email https://blog.knowbe4.com/tribune-publishing-apologizes-for-fake-bonus-offer-in-phishing-simulation-email Old TV caused village broadband outages for 18 months https://www.bbc.com/news/uk-wales-54239180 On a side note, the Jerich Show is now auditioning for additional sponsors. We don't need a lot, perhaps a small personal jet and a modest facility on Miami Beach from which to record and live. If you know someone willing to provide these, let us know, otherwise you can help just by hitting Subscribe below.
Ep 21: The Jerich Show Episode 21 - TikTok, Ransomware Kills and Chasing Child Predators
In this episode Erich and Javvad chat about the TikTok and Oracle merger/buyout/whatever thing that is happening, a case where ransomware kills and finally we discuss how people are being leveraged to help find endangered children or help hunt down child predators. Links from this episode: Oracle and TikTok: https://techcrunch.com/2020/09/13/oracle-wins-bid-to-buy-tiktok/ A Ransomware Attack Turns Deadly: https://www.theverge.com/2020/9/17/21443851/death-ransomware-attack-hospital-germany-cybersecurity Europol's Stop Child Abuse – Trace An Object: https://www.europol.europa.eu/stopchildabuse Innocent Lives Foundation: https://www.innocentlivesfoundation.org/get-involved/
Ep 20: The Jerich Show Episode 20 - More Fun With Ransomware
In this episode Javvad and Erich chat about some recent ransomware attacks that hit a school district here in the US and a power provider in Pakistan. We discuss the timing of the tactics being used by attackers and other somewhat interesting points.
Ep 19: The Jerich Show Episode 19 - That Time Quentyn Joined Us
This week Javvad and Erich were joined by Quentyn Taylor, where we discussed SIM swapping attacks and how Ring doorbells could ruin the surprise the police have planned for you. Check out Quentyn on Twitter at @QuentynBlog Links to our stories: The SIM swapping attacks against phone carriers https://www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh FBI worried that Ring doorbells are spying on police https://www.bbc.com/news/technology-53985418 The Ring neighborhood app Erich mentioned https://www.nytimes.com/wirecutter/blog/ring-neighbors-app-review/
Ep 18: The JerichShow Episode 18 - The One About the Russian
Join Javvad and Erich as they discuss the interesting situation where a Russian criminal tried to get an employee to sabotage their organization, offering a million dollars to do it. They also discuss a quite simple and lucrative plan that was selling toothbrushes to Amazon for $94 each.
Ep 17: The Jerich Show Episode 17 - Not the Carnival I hoped for and an Uber Big Legal Issue
In this episode, once Javvad remembers who he is, he has a discussion with Erich about the Carnival Cruise Lines ransomware attack/data breach, new legal filings against the past Uber CISO related to that breach, and the importance of transparency when the wheels fall off the wagon. Carnival: https://www.engadget.com/carnival-cruise-customer-data-at-risk-following-ransomware-attack-225029822.html The Uber Issue https://www.npr.org/2020/08/20/904113981/former-uber-executive-charged-with-paying-hush-money-to-conceal-massive-breach?t=1598007456273
Ep 16: The Jerich Show Episode 16 - Social Media Fights and Real Things That Seem Like Scams
In this episode Javvad and Erich tackle the rather interesting situation that happened last week when one vendor accused another one of some shady practices, then found out it wasn't them. Do fights over social media really help? They discuss it. They also talk about people receiving legitimate emails that follow the script of the phishing emails to the point, you can't tell them apart. This and more on this episode of the Jerich Show!
Ep 15: The Jerich Show Episode 15 - Supply Chain Side Effects and Data Leakage
We're both back this week to bring you more low quality coverage of high quality topics. Javvad, spurred on by the threat of being permanently replaced by a rock, really adds some good insights to the topics this week. We discuss the documents leaked from the Intel portal and the risks associated with the supply chain: https://www.zdnet.com/article/intel-investigating-breach-after-20gb-of-internal-documents-leak-online/ We then continue on to chat about the impact of leaked documents from the UK government: https://uk.reuters.com/article/uk-britain-russia-hack-exclusive/exclusive-papers-leaked-before-uk-election-in-suspected-russian-operation-were-hacked-from-ex-trade-minister-sources-idUKKBN24Z1UL Finally, we discuss the unprotected Zoom hearing for the Twitter hacker, which allowed all participants to screen share, and how nobody could have possibly predicted that it might be impacted by shenanigans: https://www.itpro.co.uk/software/video-conferencing/356680/teenage-twitter-hackers-virtual-trial-is-zoom-bombed Don't forget to subscribe so you can catch every episode of the Jerich Show.
Ep 14: The Jerich Show Episode 14 - Celebrating Sysadmin Day
Today, with the help of a stand in for Javvad, we celebrate the 21st annual Sysadmin Day. Sysadmins have a rough life and it is only fitting that we stop being cruel to them at least 1 day of each year. This is that day, so go find a sysadmin, give them a big hug and softly whisper something nice in their ear*. *Seriously folks, DON'T do this. Maybe offer to buy them lunch or a frosty beverage after work instead. They really do deserve it.
Ep 13: The Jerich Show Episode 13 - Meow
Erich is on holiday, but the show must go on! Stories covered: Posti Phishing scam: https://yle.fi/uutiset/osasto/news/helsinki_police_probe_200k_phishing_scam_in_postis_name/11438564 Meow Bot: https://www.forbes.com/sites/daveywinder/2020/07/22/not-all-internet-cats-are-cute-meow-bot-is-a-database-destroyer/#13a2a8b30e24
Ep 12: The Jerich Show Episode 12 - A Tweetworthy Week
This week Javvad and Erich chat about the week that Twitter got hacked and the social engineering behind the associated Bitcoin scam. We also both look back and wish we had invested when BTC was $35.
Ep 11: The Jerich Show Episode 11 - Facial Recognition
Facial recognition, the future or a terrible mistake? Stories covered this week: Facial recognition technology flagged 26 California lawmakers as criminals. This bill to ban the tech is headed to the Senate: https://www.mercurynews.com/2019/08/14/facial-recognition-technology-flagged-26-california-lawmakers-as-criminals-this-bill-to-ban-the-tech-is-headed-to-the-senate/ California legislature bars facial recognition for police body cameras: https://www.reuters.com/article/us-california-facial-recognition/california-legislature-bars-facial-recognition-for-police-body-cameras-idUSKCN1VX2ZP Lawmakers propose indefinite nationwide ban on police use of facial recognition: https://www.cnet.com/news/lawmakers-propose-indefinite-nationwide-ban-on-police-use-of-facial-recognition/ 'The Computer Got It Wrong': How Facial Recognition Led To False Arrest Of Black Man: https://www.npr.org/2020/06/24/882683463/the-computer-got-it-wrong-how-facial-recognition-led-to-a-false-arrest-in-michig How NIST Tested Facial Recognition Algorithms for Racial Bias: https://www.scientificamerican.com/article/how-nist-tested-facial-recognition-algorithms-for-racial-bias/
Ep 10: The Jerich Show Episode 10 - TikTok, Social Media and Privacy
In this episode of the Jerich Show, Erich and Javvad discuss the world of social media and how much data we trade for a few funny videos. **Spoiler alert: It's a lot** Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It: https://www.boredpanda.com/tik-tok-reverse-engineered-data-information-collecting/ Social Media Information Breach: https://www.forbes.com/sites/petersuciu/2020/06/26/there-isnt-enough-privacy-on-social-media-and-that-is-a-real-problem/#38ddaad444f1
Ep 9: The Jerich Show Episode 9 - I Can't Remember What This Was About
In this episode of the Jerich Show, Javvad and Erich talk about mental exhaustion, the stressors of being tired and how this can lead to falling for scams and social engineering attacks.
Ep 8: The Jerich Show Episode 8 - Of Tea Shops and Cyber Mercenaries
In this episode Javvad and Erich discuss a group of cyber mercenaries that put up shop above a nice little tea shop in New Delhi. The story discussed is here: https://in.reuters.com/article/india-cyber-mercenaries/exclusive-obscure-indian-cyber-firm-spied-on-politicians-investors-worldwide-idINKBN23G1FI
Ep 7: The Jerich Show Episode 7 - Social Media Misinformation, Statistics and the 5G's
In this episode Erich and Javvad tackle the issue of misinformation in social media and the impacts it can have. We all know that there are lies, damn lies and statistics. Bots are taking over Twitter and other social media sites and posting divisive content to both sides of arguments. It's never been more important to do your own fact checking and understand what is actually being presented. Also, people are falling for silly stuff due to the hype, so as a public service, Javvad tells us about a device meant to save us from the 5G's.
Ep 6: The Jerich Show Episode 6 - How Low Will They Go?
In this episode Javvad and Erich talk about scammers and just how low they will go to make a few bucks. We also discuss how some of their stupidity gets them caught.
Ep 5: The Jerich Show Episode 5 - The CISSP is a Masters Degree?
In this episode of the Jerich show, Javvad and Erich tackle the recent issue of the CISSP and Masters degree equivalency bombshell.
Ep 4: The Jerich Show Episode 4 - Executive Phishing and Returning to Work Chaos
In this episode, Javvad talks about an incident where executives were compromised at over 150 companies and Erich talks about the mayhem we can expect when returning to work as the economy is reopened.
Ep 3: The Jerich Show Episode 3 - Travelex and Doppelpaymer
In this episode, Javvad talks about the current post-incident status of Travelex and Erich talks about the City of Torrance, CA getting hit by Doppelpaymer ransomware.
Ep 2: The Jerich Show Episode 2 - From Ransomware to Facebooks Scams
In this episode, Javvad and Erich discuss security topics ranging from the new normal for ransomware to hot scams on Facebook.
Ep 1: The Jerich Show Episode 1 - COVID Scams, Mental Health Plus More
In this episode Javvad and Erich carry the mantra "Timely Topics, Poorly Presented" as they discuss a bunch of different COVID-19 scams, mental health during the pandemic and Javvad shows just how blue he has become.