The Jerich Show Podcast

Grounded Planes, Fake Faces & Factory Failures: Cyber Chaos Weekly

Fri, 26 Sep 2025 14:50:40 -0400

This week, Javvad Malik and Erich Kron unpack a fresh pile of cyber mayhem containing equal parts fascinating, frustrating, and “you couldn’t make this up if you tried”.

EU Blames Ransomware for Airport Check-In Chaos: The EU’s cyber agency has officially confirmed what everyone suspected: ransomware was behind the massive airport meltdown. Great, now someone please confirm when luggage will show up again.

And in other news…

Airport Cyber Arrest: Authorities nabbed a man allegedly behind attacks that disrupted airport systems across Europe. Flights were delayed, passengers got cranky, and IT staff was probably crying into their coffee. Turns out, ransomware doesn’t just ruin files, it ruins holidays. That was fast though.

Deepfakes Go Corporate: Two-thirds of businesses report being hit with deepfake scams. Fake execs, bogus invoices, and AI-generated voices that sound “just enough like the boss” to drain your accounts. Technology: still helping criminals scale their hustle, although that seems like high number. Let’s talk about that.

Jaguar Land Rover’s Production Nightmare: JLR’s cyber shutdown drags on as ministers huddle with suppliers to stop the bleeding. Yes folks, like many of the vehicles they sell, they are STILL broken. Nothing like a supply chain crisis to remind us that “smart factories” can be dumb when ransomware shows up.

Expect a mix of snark, practical security takeaways, and a few sighs of disbelief as we connect the dots between these incidents and what they mean for CISOs, SOC analysts, and anyone who still thinks cyber risk is “just an IT problem.”

Stories from the show:

Man arrested in connection with cyber-attack on airports
https://www.bbc.com/news/articles/c62ldxyj431o

Deepfake Attacks Hit Two-Thirds of Businesses
https://www.infosecurity-magazine.com/news/deepfake-attacks-hit-twothirds-of/

JLR shutdown extended again as ministers meet suppliers
https://www.bbc.com/news/articles/c15kpxnn2p2o

EU’s cyber agency blames ransomware as Euro airport check-in chaos continues
https://www.theregister.com/2025/09/22/eus_cyber_agency_confirms_ransomware/

Factory Floors, Teen Hackers & Password Panic: Cyber Sins of the Week

Fri, 19 Sep 2025 15:05:22 -0400

Javvad Malik and Erich Kron are back with tea, shade, and tech news, taking on three fresh cyber disasters that are making folks sweat:

JLR’s Cyber Chaos: A hack shut down Jaguar Land Rover’s IT & production lines, and now its supply chain workers are being told to apply for Universal Credit. When “just a hack” looks more like a national employment crisis.

Teenagers + Scattered Spider = TfL Attack Fallout: Two teens are now charged for allegedly being part of the Scattered Spider crew that hacked Transport for London last August. From Oyster cards to APIs—this one’s got lots of teeth.

SonicWall: “Oops, Backups Leaked (a Little Bit)”: Under 5% of SonicWall users impacted by exposed firewall backup prefs. Credentials were encrypted but still, enough info was accessible to give attackers a run for their money. Reset everything. Like now.

Buckle up: we’ll laugh, we’ll cringe, and we’ll figure out what this means for real people doing real work in security.

----------------------------------------------------------------------------
Stories from the show:

JLR hack could see thousands laid off - MP
https://www.bbc.com/news/articles/cwyrqxj3eqqo

U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack
https://thehackernews.com/2025/09/uk-arrest-two-teen-scattered-spider.html

SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
https://thehackernews.com/2025/09/sonicwall-urges-password-resets-after.html

Keep Quiet, Blame the Insider, and Hope Nobody Notices

Fri, 05 Sep 2025 11:33:06 -0400

In this week’s episode, Javvad Malik and Erich Kron wade through the latest cybersecurity soap opera where silence, spin, and shady stats take center stage:

61% of U.S. companies claim they’ve been hit by insider breaches. Is this a shocking revelation… or just the result of someone finally checking the logs?

CISOs are under growing pressure to zip it about incidents. Because nothing says “strong security posture” like sweeping breaches under the rug and hoping the auditors don’t trip over the lump.

Hackers are holding Google’s data hostage unless two threat intel employees get the boot. Extortion? Performance review outsourcing? You decide.

Meanwhile in the UK, the government sat on a secret breach review for two years before sheepishly releasing it. Because transparency apparently has an expiration date.

Grab your headphones as we unpack what these stories really mean for security leaders, why “insider risk” is the boogeyman of the week, and how the industry’s favorite strategy still seems to be: “Shh… maybe they won’t notice.”

Salt Typhoon, National Guard Stormed, Fake Headlines, & Ransomware Quitting

Mon, 21 Jul 2025 10:37:47 -0400

This week, Erich and Javvad dig into Salt Typhoon’s year-long hack of the National Guard (somebody check the cyber sandbags!), marvel at scammers out-faking CNN, BBC, and CNBC to push bogus investments, and celebrate the rarest of cyber events: a ransomware gang calling it quits and actually handing out free decryptors. Grab your popcorn—cyber drama doesn’t get juicier than this!

Patch Me If You Can: Cyber Oops, Selfies & Seizures

Fri, 23 May 2025 10:59:53 -0400

In this episode of The Jerich Show, Erich Kron and Javvad Malik dive headfirst into the week’s most curious, cringeworthy, and critical cybersecurity stories.

First up: a global honeypot powered by over 5,300 compromised Cisco devices—courtesy of the ViciousTrap botnet. Then, it's schadenfreude central as the developers of DanaBot malware accidentally infect themselves. Karma, meet keyboard.

We’ll also unpack Europol’s massive takedown of ransomware infrastructure, which led to the seizure of 300 servers and €3.5 million in crypto. Not to be outdone, two ATM heist suspects made their arrest even easier... by taking selfies mid-crime.

And finally, the UK’s NCSC shows us how to securely retire old tech—because tossing servers in the skip just isn’t secure policy.

Join Erich and Javvad for sharp takes, security snark, and the cybersecurity fails you’ll want to learn from (or at least laugh at).

From Rogue Radios to Hijacked Chips: Cyber Threats Go Global!

Fri, 16 May 2025 10:59:40 -0400

In this episode of The Jerich Show, join your favorite cybersecurity duo, Erich Kron and Javvad Malik, as they dive into some truly wild cybercrime stories making headlines around the globe. Hackers who've been terrorizing UK retailers have hopped the pond to target US companies, while Japan's bold plan to double its cybersecurity workforce might mean saying sayonara to tough certifications. Meanwhile, the EU arms defenders with a shiny new vulnerability database, and the discovery of rogue communication devices lurking in Chinese-made solar inverters sparks fresh paranoia. Plus, could your CPU itself soon be held hostage by ransomware? Tune in for laughs, insights, and a healthy dose of cyber skepticism!

Stories from the show:

Hackers behind UK retail attacks now targeting US companies
https://www.bleepingcomputer.com/news/security/google-scattered-spider-switches-targets-to-us-retail-chains/

Japan aims to double cybersecurity specialists by 2030, relax certification requirements
https://asianews.network/japan-aims-to-double-cybersecurity-specialists-by-2030-relax-certification-requirements/

EU launches vulnerability database to tackle cybersecurity threats
https://therecord.media/eu-launches-vulnerability-database

CPU microcode hack could infect processors with ransomware directly
https://www.techradar.com/pro/security/cpu-microcode-hack-could-infect-processors-with-ransomware-directly

‘Rogue’ communication devices found on Chinese-made solar power inverters
https://www.utilitydive.com/news/rogue-communication-devices-found-on-chinese-made-solar-power-inverters/748242/

Lockbit hacked, Qlin jumps to #1 and Google gets serious against scams

Fri, 09 May 2025 13:51:29 -0400

In this episode, Erich and Javvad discuss how Lockbit appears to be hacked again, Qlin makes a jump to #1 in the ransomware game, Google gets serious against scams with Gemini, and more!

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html

Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures

https://thehackernews.com/2025/05/qilin-leads-april-2025-ransomware-spike.html

LockBit ransomware gang hacked again

https://www.computing.co.uk/news/2025/security/lockbit-ransomware-gang-hacked-again

UK Cyber Insurance Claims Second Highest on Record

https://www.infosecurity-magazine.com/news/uk-cyberinsurance-claims-second/

Iran attacked,Huge DDoS Attack and more!

Fri, 09 May 2025 13:48:18 -0400

Erich and Javvad recap the top stories in Cybersecurity this week including the cyber attack on Iran and a huge DD0S attack. All this and More

Bad actors arrested, phishing with google, Darkula get's an upgrade and more!

Fri, 09 May 2025 13:47:02 -0400

Erich and Javvad summarize this week’s cyber soap opera and bring you a tangled web of digital deceit, artificial “intelligence,” and just enough government extradition drama to keep things spicy.

From Spain With Wire Fraud: Alleged “Scattered Spider” member Tyler Buchanan thought sunny Spain was a safe hideout—until the long arm of U.S. justice said hola. Extradited for allegedly scamming Caesars and MGM, his toolkit included SIM swapping and social engineering. Welcome to America, Tyler—hope you like federal courtrooms.

Phishing with Google’s Seal of Approval: Meanwhile, phisherfolk are reusing Google's DKIM signatures like they’re leftover lasagna—slapping them onto spoofed emails from no-reply@accounts.google.com and tricking even the most paranoid clickers. The result? Legit-looking credential traps hosted on Google Sites. It's like gourmet phishing, served with a side of irony.

Darcula Gets a Brain Upgrade: And if you thought cybercrime required effort, think again. The Darcula phishing kit now uses generative AI to do all the heavy lifting. Bad grammar and clunky templates? Gone. Now, even your cousin Steve with zero hacking skills can impersonate a bank in 100 languages. Thanks, AI.

Tune in for a romp through the latest digital deceptions, complete with dark web drama and facepalms galore. Stay sharp—because the hackers definitely are.

Cyber prof goes missing, ransomware group hacked back, passwords stink, and more!

Fri, 09 May 2025 13:45:17 -0400

In this episode Erich and Javvad discuss a cyber professor that went away, a ransomware group hacks back, passwords are still poor, and more!

Old MS vuln left open, sperm bank breached, Wordpress sites exploited and more!

Tue, 25 Mar 2025 12:45:24 -0400

In this episode, Erich and Javvad discuss a breach of a sperm bank in California, an 9-year old Microsoft vuln that they feel is too unimportant to patch (although it's being exploited), and a hack of over 2000, Wordpress sites

VSCode oopsie, Roblox is your problem, UK says cyber folks are underpaid, and more!

Tue, 25 Mar 2025 12:44:27 -0400

In this episode, Erich and Javvad discuss the VSCode extensions that was used by millions, and that Microsoft wrongly removed, Roblox tells parents if they want safe kids, that's a 'you' problem, and the UK says cyberpros need to make more than the PM. This and more!

Snail Mail Ransomware, Cyber Folks Looking to Move On, and More!

Tue, 25 Mar 2025 12:43:46 -0400

In this episode, Erich and Javvad talk about a confirmed ransomware campaign through snail mail, 60% of cyber pros looking to change employers, 12 Chinese hackers charged by the US, 1.4TB dataset stolen, and more

AI voice scam, military infostealer, Steam malware and more!

Tue, 25 Mar 2025 12:43:02 -0400

In this episode, Erich and Javvad discuss an AI voice scam, the Steam game PirateFi turning out to be info-stealing malware, HCRG hack/ransomware and a Palo Alto firewall vulnerability. All of this and more!

DeepSeek problems, a cybercrime domain crackdown and much, much more!

Tue, 25 Mar 2025 12:41:56 -0400

In this episode, Erich and Javvad discuss issues facing DeepSeek, a law enforcement takedown of cybercrime sites, and much, much more!

Fraudsters arrested, NSA warns, Cambodians ditch a potential scammer

Mon, 27 Jan 2025 08:26:04 -0500

In this episode, Erich and Javvad discuss a warning from the NSA, the arrest of fraudsters in several countries, a story where Cambodian scammers send a potential scammer packing because of his lack of computer skills.

All this and more!

Hackers, Scammers, and a Thousand Arrests – Oh My!

Fri, 06 Dec 2024 10:30:36 -0500

Buckle up, cyber enthusiasts, because this week’s episode is a rollercoaster ride through the murky depths of cybercrime! Erich and Javvad are diving into the story of 1,006 suspects nabbed in a global sting that makes "Ocean’s Eleven" look like a kindergarten playdate. Next, we shop 'til we drop on fake e-commerce sites tied to cybercrime marketplaces—spoiler alert: you’re not getting that “Gucci” bag for $19.99. Finally, we break down the latest saga in the US vs. China cyber espionage showdown, where telecom providers find themselves tangled in a hack straight out of a Hollywood thriller.

It’s cyber justice, scams, and geopolitical drama served with a side of sarcasm and a heaping dose of security tips you’ll actually want to use. Don’t miss it!

Stories from the show:

Major cybercrime operation nets 1,006 suspects
https://www.interpol.int/en/News-and-Events/News/2024/Major-cybercrime-operation-nets-1-006-suspects

Fraudulent shopping sites tied to cybercrime marketplace taken offline
https://www.europol.europa.eu/media-press/newsroom/news/fraudulent-shopping-sites-tied-to-cybercrime-marketplace-taken-offline?mtm_campaign=newsletter

White House official: 8 US telecom providers hacked by Chinese
https://www.cnn.com/2024/12/04/politics/us-telecom-providers-chinese-hack/index.html

Hot mess at Hot Topic, Typhoons spreading botnets, ethical hacker dumps data and more!

Fri, 06 Dec 2024 10:29:34 -0500

Hey there, tech detectives and cyber sleuths! Grab your headphones and get ready for another wild ride through the digital jungle with Erich and Javvad. This week, we're diving into a hot mess at Hot Topic (pun totally intended) that's left 57 million people saying 'Uh-oh!' Plus, we'll take you on a typhoon-fueled adventure as China's notorious Volt Typhoon crew makes a shocking comeback. It's like a cyber soap opera, but with way more zeroes and ones! So, buckle up, buttercup – it's time to unravel these tangled webs of tech drama!

Stories from the show:

HIBP notifies 57 million people of Hot Topic data breach
https://www.bleepingcomputer.com/news/security/hibp-notifies-57-million-people-of-hot-topic-data-breach/

China's Volt Typhoon crew and its botnet surge back with a vengeance
https://www.theregister.com/2024/11/13/china_volt_typhoon_back/

Amazon MOVEit Leaker Claims to Be Ethical Hacker
https://www.infosecurity-magazine.com/news/amazon-moveit-leaker-claims/

Ransomware and baguettes, Synology woes, spying fryers and more!

Fri, 06 Dec 2024 10:24:19 -0500

In this episode, Erich and Javvad discuss some odd ransomware demands, a serious flaw with Synology, spying fryers and much more!

Brits hiring for cheap, Teams as an exploit, NK and Play work together and more!

Fri, 01 Nov 2024 11:16:24 -0400

In this episode, Erich and Javvad discuss how the British government is trying to hire more security pros for next to nothing, how Teams is being used as an attack vector, and how North Korean attackers have paired up with the Play ransomware group. All this and more!

Stories from the show:

Wanted. Top infosec pros willing to defend Britain on shabby salaries
https://www.theregister.com/2024/10/29/gchq_needs_advanced_cybersecurity_professionals/

Hackers Exploit Microsoft Teams In New Ransomware Scam
https://www.forbes.com/sites/larsdaniel/2024/10/30/hackers-posing-as-it-support-on-teams-new-ransomware-scam-targeting-your-workplace/

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
https://thehackernews.com/2024/10/north-korean-group-collaborates-with.html

Cisco breach, MS misplaces security logs, SolarWinds screws up again, and more!

Fri, 18 Oct 2024 10:39:49 -0400

In this episode, Erich and Javvad talk about the latest SolarWinds screw up, Cisco data showing up on the dark web, Microsoft losing security logs for a bit, and much, much more!

Microsoft warns it lost some customer's security logs for a month
https://www.bleepingcomputer.com/news/security/microsoft-warns-it-lost-some-customers-security-logs-for-a-month/

Critical hardcoded SolarWinds credential now exploited in the wild
https://www.theregister.com/2024/10/16/solarwinds_critical_hardcoded_credential_bug/

Cisco investigates breach after stolen data for sale on hacking forum
https://www.bleepingcomputer.com/news/security/cisco-investigates-breach-after-stolen-data-for-sale-on-hacking-forum/

Firm hacked after accidentally hiring North Korean cyber criminal
https://www.bbc.co.uk/news/articles/ce8vedz4yk7o

Kaspersky pulls a quick one, Florida get a bath and more!

Fri, 04 Oct 2024 09:19:55 -0400

In thi e pisode, Erich and Javvad talk about the Kaspersky switch-a-roo and the storm hitting the Eastern US right now, which will certainly turn into scammers taking advantage of people in a bad spot.

All this and more!

Special Guest Thomas Ryan, Meow pounces and more!

Fri, 04 Oct 2024 09:18:57 -0400

In this episode, Erich and Javvad speak to Thomas Ryan of 'Robin Sage' fame, the big jump the Meow ransomware group took, and much, much more!

OnlyFans fakery, fraud at all time high, Russian trolling and more!

Fri, 06 Sep 2024 11:08:17 -0400

In this episode, Erich and Javvad chat about the Russian trolling in the US elections, fraud hitting the 'heighest ever' levels, a fake OnlyFans tool, and more!

Stories from the show:

Russian trolling 2.0: How the Kremlin shifted tactics from its 2016 election strategy
https://uk.news.yahoo.com/russian-trolling-2-0-kremlin-211903137.html

Fraud and scam complaints reach ‘highest ever’ level
https://www.fstech.co.uk/fst/Fraud_And_Scam_Complaints_Reach_Highest_Ever_Level.php

Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords
https://www.bleepingcomputer.com/news/security/fake-onlyfans-cybercrime-tool-infects-hackers-with-malware/

Deadbeat Dad, Critical Chrome, Halliburton Hack, Midnight Malware and more!

Fri, 06 Sep 2024 11:05:29 -0400

In this episode, Erich and Javvad discuss a deadbeat dad that made himself look deceased to end child support payments, a critical chrome patch that is being actively exploited, an incident with Halliburton and ransomware attacks at night.

All this and more!

Stories from the show:

Most Ransomware Attacks Now Happen at Night
https://www.infosecurity-magazine.com/news/most-ransomware-attacks-happen/

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild
https://thehackernews.com/2024/08/google-fixes-high-severity-chrome-flaw.html

Deadbeat dad faked his own death by hacking government databases
https://www.theregister.com/2024/08/21/man_jailed_faking_death_online/

Halliburton confirms cyber attack on certain systems
https://www.reuters.com/technology/cybersecurity/halliburton-confirms-cyber-attack-certain-systems-2024-08-23/

Um... Crowdstrike... oh, and other stuff

Fri, 19 Jul 2024 15:23:03 -0400

In this episode Erich and Javvad talk about Crowdstrike, and other stuff. I mean on a day like today, is there really anything else to talk about? Join us and be a part of the discussion

AT&T breach exposes call/text records, 10 billion creds dumped and more!

Fri, 12 Jul 2024 11:55:07 -0400

In this episode, Erich and Javvad talk about the latest AT&T breach, a dump of 10 billion credentials, Singapore banks ditching texted 2FA, and much more!

Stories from the show:

AT&T data breach: Millions of customers caught up in major dark web leak
https://www.bbc.co.uk/news/world-us-c...

Singapore's banks to ditch texted one-time passwords
https://www.theregister.com/2024/07/1...

Nearly 10 billion stolen passwords were leaked on a hacker forum
https://www.securitymagazine.com/arti...

Telco infects users, crypto scammers pull a fast one, and much more!

Fri, 28 Jun 2024 10:50:36 -0400

In this episode, Erich and Javvad discuss the Korean telco that allegedly infected its P2P users with malware, Crypto scammers posing as lawyers to steal $10m and much more!

Travel scams are way up, Kaspersky being banned, Chinese users targeted with VPN malware

Fri, 21 Jun 2024 10:35:54 -0400

In this episode, Erich and Javvad chat about the Kaspersky ban in the US, a threat actor targeting Chinese users with VPN malware and Booking.com reports a 900% jump in travels scams. All this and more

Stories from the show:

Biden bans Kaspersky antivirus software in US over security concerns
https://www.bleepingcomputer.com/news/security/biden-bans-kaspersky-antivirus-software-in-us-over-security-concerns/

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers
https://thehackernews.com/2024/06/void-arachne-uses-deepfakes-and-ai-to.html

Booking.com warns of up to 900% increase in travel scams
https://www.bbc.com/news/articles/c8003dd8jzeo

MS Recall recalled, sacked employee creates havok, Frontier customers data in trouble, and more!

Fri, 14 Jun 2024 10:53:27 -0400

In this episode, Ericha nd Javvad are covering some of the more interesting Cybersecurity stories this week. MS Recall gets recalled, a fired employee deletes a bunch of servers, Frontier communications is about to lose control of data from 750k customers, and more!

Stories from the show:

Microsoft Made Changes to Recall Feature Following Controversial Security Concerns

https://cybersecuritynews.com/microsoft-recall-security-concerns/

Frontier hackers threaten to release private data for at least 750,000 customers

https://www.theverge.com/2024/6/10/24175169/frontier-communications-hack-cyberattack-data-breach-ransom

Fired employee accessed company’s computer 'test system' and deleted servers, causing it to lose S$918,000

https://www.channelnewsasia.com/singapore/former-employee-hack-ncs-delete-virtual-servers-quality-testing-4402141

Tik Tok targeted, Ruskies cyber attack hospitals,Lockit unlocked and more!

Fri, 07 Jun 2024 12:44:48 -0400

In this episode, Erich and Javvad talk about the TikTok breach, Russians cyber attacking hospitals LockBit keys being released and much more!

Stories from the show:

'Russian criminals' behind hospitals cyber attack
https://www.bbc.com/news/articles/cxee7317kgmo

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out
https://www.bleepingcomputer.com/news/security/fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out/#google_vignette

Paris Hilton among users targeted in TikTok hack
https://www.bbc.com/news/articles/cl770d121gro

Cisco fixes WebEx flaw that allowed government, military meetings to be spied on
https://www.theregister.com/2024/06/07/cisco_fixes_webex_flaw_which/

600k routers bricked, Ticketmaster breached, botnets crushed and arrests made!

Fri, 31 May 2024 10:59:31 -0400

In this episode, Erich and Javvad discuss an attack that bricked over 600,000 routers, some serious botnet takedowns, the Ticketmaster breach and much more!

Stories from the show:

Malware botnet bricked 600,000 routers in mysterious 2023 attack
https://www.bleepingcomputer.com/news/security/malware-botnet-bricked-600-000-routers-in-mysterious-2023-attack/#google_vignette

Multiple botnets dismantled in largest-ever international operation against ransomware
https://www.techcentral.ie/multiple-botnets-dismantled-in-largest-ever-international-operation-against-ransomware/

Ticketmaster breached — data of over 500 million users allegedly put up for sale online
https://www.techradar.com/pro/security/ticketmaster-breached-data-of-over-500-million-users-allegedly-put-up-for-sale-online

Chinese national cuffed on charges of running 'likely the world's largest botnet ever'
https://www.theregister.com/2024/05/29/911s5_botnet_arrest/

Leicester leaves the lights on_ ransomware attacks booze distribution and more!

Fri, 26 Apr 2024 12:05:19 -0400

In this episode, Erich and Javvad talk about a cyber problem in Leicester, booze distribution problems in Sweden due to ransomware and much more!

RAT leader busted, LabHost crushed, Frontier hit and more!

Fri, 19 Apr 2024 11:03:51 -0400

In this episode, Erich and Javvad talk about the leader of the Hive RAT getting busted, another bust of LabHost, Frontier communications hit, and more!

The cyber camp from Randy:

https://www.randylee.com/cybercamp

Stories from the show:

Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

https://thehackernews.com/2024/04/hive-rat-creators-and-35m-cryptojacking.html

Police bust global cyber gang accused of industrial-scale fraud

https://www.bbc.com/news/uk-68838977

Frontier Communications shuts down systems after cyberattack

https://www.bleepingcomputer.com/news/security/frontier-communications-shuts-down-systems-after-cyberattack/#google_vignette

840-bed hospital in France postpones procedures after cyberattack

https://www.bleepingcomputer.com/news/security/chc-sv-hospital-in-france-postpones-procedures-after-cyberattack/

Charities hit, LG TVs a danger, exposed spies, taxis leak details and more!

Fri, 12 Apr 2024 10:35:51 -0400

In this episode, Erich and Javvad talk about UK charities being hit, spies accidentally exposed themselves and UK taxi software leaks some details.

All this and more in this episode!

Stories from the show:

Global taxi software vendor exposes details of nearly 300K across UK and Ireland
https://www.theregister.com/2024/04/11/icabbi_database_exposure/

Over 90,000 LG Smart TVs may be exposed to remote attacks
https://www.bleepingcomputer.com/news/security/over-90-000-lg-smart-tvs-may-be-exposed-to-remote-attacks/

Head of Israeli cyber spy unit exposed ... by his own privacy mistake
https://www.theregister.com/2024/04/08/infosec_news_roundup/

Third of charities experienced a cyber breach last year, government reports
https://www.civilsociety.co.uk/news/third-of-charities-experienced-a-cyber-breach-last-year-government-reports.html

Microsoft problems, IR helpline calls double, YouTube used for malware and more!

Fri, 05 Apr 2024 10:08:16 -0400

In this episode Erich and Javvad talk about Scottish IR calls doubling , Microsoft getting beat up over security, YouTube being used to spread malware and what LockBit has done after it took a hit from law enforcement.

Stories from the show:

Calls to Incident Response Helpline Double in a Year
https://www.infosecurity-magazine.com/news/calls-incident-response-helpline/

Microsoft roasted over “cascade of security failures”
https://www.thestack.technology/microsoft-roasted-by-csrd-over-security-key-theft/

YouTube being used to distribute malware
https://cybernews.com/security/youtube-used-to-distribute-malware/

LockBit Scrambles After Takedown, Repopulates Leak Site with Old Breaches
https://www.infosecurity-magazine.com/news/lockbit-takedown-leak-site-old/

Military cloud leak, Southern Water leak, ransomware victims up in 2023

Fri, 16 Feb 2024 10:29:04 -0500

In this episode, Erich and Javvad talk about the clud leak of military data, a UK data leak at Southern Water, the rise in ransomware victims in 2023 and more!

Stories from the show:

US military notifies 20,000 of data breach after cloud email leak
https://techcrunch.com/2024/02/14/department-defense-data-breach-microsoft-cloud-email/

Southern Water Notifies Customers and Employees of Data Breach
https://www.infosecurity-magazine.com/news/southern-water-notifies-customers/

Ransomware victim numbers rose by 50% in 2023
https://www.csoonline.com/article/1306045/ransomware-victim-numbers-rose-by-50-in-2023.html

Toothbrush botnet, big rewards for Hive members, LinkedIn as a breach notification and more!

Fri, 09 Feb 2024 13:14:56 -0500

In this episode, Erich and Javvad discuss the reward being offered for Hive ransomware members, a botnoet of toothbrushes, a breach that left a healthcare provider using LinkedIn as a notifcation platform, and more!

Stories from the show:

https://www.techradar.com/pro/security/major-data-breach-at-healthcare-provider-puts-millions-of-customers-at-risk

https://www.forbes.com/sites/daveywinder/2024/02/08/surprising-3-million-hacked-toothbrushes-story-goes-viral-is-it-true/?sh=22dc0e296147

https://www.theregister.com/2024/02/09/hive_leaders_bounty/

Mother of all breaches, NSA buying web browsing data, UK councils hit and more!

Fri, 26 Jan 2024 11:01:39 -0500

In this episode, Erich and Javvad discuss the cyberattack targeting UK councils, what might be the Mother of All Breaches (MOAB) with 26 billion records, the NSA buying web browsing data, and more.

Stories from the show:

Cyberattack targeting UK councils causes online disruption
https://uk.style.yahoo.com/cyberattack-targeting-uk-councils-causes-154505162.html?guccounter=1

Mother of all breaches reveals 26 billion records: what we know so far
https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

US National Security Agency buys web browsing data without warrant, letter shows
https://www.reuters.com/technology/cybersecurity/national-security-agency-buys-web-browsing-data-without-warrant-letter-shows-2024-01-26/

71 million new emails added to HIBP, Bosch thermostat dangers, SEC hacked, and more!

Fri, 19 Jan 2024 10:38:54 -0500

In thie episode, Erich and Javvad are talking about the SEC Twitter/x/whateveritis account getting hacked, a vulnerability in Bosch thermostats, the NCA director getting sacked over using personal accounts for sensitive info, and more!

Check us out on LinkedIn, YouTube or as an audio-only podcast on all of your favorite platforms

Some stories from the show:

Have I Been Pwned adds 71 million emails from Naz.API stolen account list
https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-71-million-emails-from-nazapi-stolen-account-list/

Bosch thermostats vulnerable to malware attacks
https://www.scmagazine.com/brief/bosch-thermostats-vulnerable-to-malware-attacks

Senators Want Better SEC Cybersecurity After EFT-Related Hack
https://www.pymnts.com/cybersecurity/2024/senators-want-better-sec-cybersecurity-after-eft-related-hack/

NCA director sacked after WhatsApp and email security breaches
https://www.computerweekly.com/news/366566272/NCA-director-sacked-after-WhatsApp-and-email-security-breaches

Water authority attacked, Apple was skimming off the top of scams, cheap luggage and more!

Fri, 12 Jan 2024 10:32:29 -0500

In this episode, James is guest hosting again, and Erich and him cover some of the most interesting cybersecurity stories of the week.

Did Apple profit from letting scammers demand iTunes gift cards? The courts say it deserves a trial.

O'Hare airport selling lost luggage for less than $10? A Facebook ad says yes!

A water authority in the Pittsburgh-area was attacked by Iran because... they used Israeli-made equipment; more crypto stuff being spread through social media account takovers, this time with a cybersecurity vendor, and more!

Join one of our live streams at 10am Eastern Time to comment

Stories from the show:

States and Congress wrestle with cybersecurity after Iran attacks Pittsburgh-area water authority
https://www.cbsnews.com/pittsburgh/news/states-congress-wrestle-cybersecurity-iran-attacks-aliquippa-water-authority/

Apple agrees to settle lawsuit over iTunes gift card scam
https://www.reuters.com/legal/apple-agrees-settle-lawsuit-over-itunes-gift-card-scam-2024-01-03/

Security Firm Certik’s Account Hijacked to Spread Crypto Drainer
https://www.infosecurity-magazine.com/news/certiks-account-hijacked-crypto/

Scam Claims You Can Buy Unclaimed Luggage From O’Hare For $9.95
https://blockclubchicago.org/2024/01/08/scam-claims-you-can-buy-unclaimed-luggage-from-ohare-for-9-95-but-its-not-true/

Welcome to 2024!

Fri, 05 Jan 2024 11:45:52 -0500

In this episode, the first of 2024, James McQuiggan fills in for Javvad as we welcome in the new year.

Stories from the show:
Budget cuts take a toll on IT decision makers’ mental health
https://www.helpnetsecurity.com/2024/01/05/it-decision-makers-wellbeing/

Google Chrome starts blocking data tracking cookies
https://www.bbc.com/news/technology-67882315

Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack
https://thehackernews.com/2024/01/mandiants-twitter-account-restored.html

Wrapping up 2023 with a call center takedown and more!

Fri, 05 Jan 2024 11:42:01 -0500

In this episode, Erich and Javvad wrap up 2023 with a story about a Florida woman hitting her boyfriend with a Christmas tree, plus they discuss a call center takedown in India that netted arrests of 36 people, and more!

Booking.com users targeted, home purchases stopped and hospitals shut down!

Fri, 01 Dec 2023 10:33:00 -0500

In ths episode, Erich and Javvad talk about cyber attacks impacting people buying homes, how cybercriminals are targeting booking.com users, and more hospital outages caused by ransomware.

All of these cybersecurity stories and more!

Stories from the show:

Thousands of house purchases frozen by cyber attack
https://finance.yahoo.com/news/thousands-house-purchases-frozen-cyber-183437339.html

Booking.com hackers increase attacks on customers
https://www.bbc.com/news/technology-67583486

Cyber-attack closes hospital emergency rooms in three US states
https://www.theguardian.com/us-news/2023/nov/28/cyber-attack-us-hospitals-texas-oklahoma-new-mexico

Regulator says stranger entered hospital, treated a patient, took a document ... then vanished
https://www.theregister.com/2023/12/01/nhs_health_board_ticked_off/

EasyJet investigation dropped due to lack of resources, C2 via calendars and more!

Fri, 10 Nov 2023 11:07:36 -0500

In this episode, Erich and Javvad talk about using Google Calendar as a C2 channel, how a lack of resources ended the investigation into the EasyJet breach, and more!

Stories from the show:
EasyJet hack investigation abandoned because of ‘limited resources’

https://www.itpro.com/security/data-breaches/limited-resources-scuppers-ico-probe-into-easyjet-breach

Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel
https://thehackernews.com/2023/11/google-warns-of-hackers-absing-calendar.html

Mr. Cooper Responds to Cyberattack: Offering Enhanced Payment Options for Customers
https://ts2.space/en/mr-cooper-responds-to-cyberattack-offering-enhanced-payment-options-for-customers/#google_vignette

Court rules automakers can record and intercept owner text messages
https://therecord.media/class-action-lawsuit-cars-text-messages-privacy

Plastic surgeons hit by hackers
https://www.timesnownews.com/technology-science/plastic-surgery-data-breach-nude-photos-leaked-article-105062693

North Korea antics, dual ransomware, router firmware compromise and more!

Fri, 06 Oct 2023 13:14:47 -0400

After quite a bit of travel in the last couple of weeks, the dynamic duo is back to chat about recent #cybersecurity stories and more.

In this episode, Erich and Javvad talk about some of the most recent antics from North Korea, including attacks on shipbuilding and aerospace organizations, something called a 'Dual Ransomware Attack', and much more.

Stories from the show:

South Korea accuses North of Phish and Ships attack
https://www.theregister.com/2023/10/05/north_korea_phishing_attack_on_south/

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm
https://www.helpnetsecurity.com/2023/10/02/lazarus-lightlesscan/

FBI: Crippling 'Dual Ransomware Attacks' on the Rise
https://www.darkreading.com/threat-intelligence/fbi-highlights-dual-ransomware-attack-in-rising-cybertrends

People's Republic of China-Linked Cyber Actors Hide in Router Firmware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a

Cyber attack on Polish trains, Qakbot takedown, Forever 21 breach and more!

Fri, 01 Sep 2023 10:41:48 -0400

In this episode, Erich and Javvad discuss the takedown of the Qakbot botnet, an attack on the Polish train system, the Forever 21 breach, which impacts more than 500k people, and much more.

Stories from the show:

https://www.bleepingcomputer.com/news/security/classiscam-fraud-as-a-service-expands-now-targets-banks-and-251-brands/
Classiscam fraud-as-a-service expands, now targets banks and 251 brands

FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown
https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown

Poland investigates cyber-attack on rail network
https://www.bbc.com/news/world-europe-66630260

Forever 21 Data Breach: Personal Details of Over 500,000 Customers, Employees Compromised

https://www.techtimes.com/articles/295813/20230831/forever-21-data-breach-personal-details-over-500-000-customers.htm

Post BSides LV/BlackHat/DEFCON and cyberstories of the week

Fri, 25 Aug 2023 11:10:23 -0400

Erich and Javvad are back after taking a couple of weeks off to vacation and to attend BSides Las Vegas, Blackhat and DEFCON. In this episode they talk about the conference and what has been happening in the cyber world for the past couple of weeks

Stories from the show:

Danish cloud host says customers ‘lost all data’ after ransomware attack
https://techcrunch.com/2023/08/23/cloudnordic-azero-cloud-host-ransomware/

Cybercriminals turn to AI to bypass modern email security measures
https://www.helpnetsecurity.com/2023/08/23/ai-enabled-email-threats/

TP-Link smart bulbs can let hackers steal your WiFi password
https://www.bleepingcomputer.com/news/security/tp-link-smart-bulbs-can-let-hackers-steal-your-wifi-password/

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
https://www.bbc.co.uk/news/technology-60864283

Deepfakes fooling humans, NHS staff sharing data, Black Hat USA and much more!

Fri, 04 Aug 2023 10:49:36 -0400

In this episode, Erich and Javvad talk about the upcoming BSides Las Vegas, Black Hat and DEFCON conferences, NHS sharing data via WhatsApp, the #cyber skills gap, and much more

Stories from the show:
Humans Unable to Reliably Detect Deepfake Speech
https://www.infosecurity-magazine.com/news/humans-detect-deefake-speech/

NHS Staff Reprimanded For WhatsApp Data Sharing
https://www.infosecurity-magazine.com/news/nhs-staff-reprimanded-whatsapp/

Microsoft Teams Targeted in Midnight Blizzard Phishing Attacks
https://www.infosecurity-magazine.com/news/microsoft-teams-midnight-blizzard/

Hacktivist Collective “Mysterious Team Bangladesh” Revealed
https://www.infosecurity-magazine.com/news/mysterious-team-bangladesh-revealed/

Report outlines causes of cyber security skills gap
https://www.publicsectorexecutive.com/articles/report-outlines-causes-cyber-security-skills-gap

A cardiac event, Tampa hospital breach, SEC releases new rules, and more!

Fri, 28 Jul 2023 10:27:12 -0400

In this episode, Erich and Javvad discuss current #cybersecurity stories including the attack on a cardiac services vendor, an attack on a Tampa hospital and some new SEC rules around breaches.

All this and more!

Stories from the show:

Security Incident Impacts CardioComm’s Operations
https://www.infosecurity-magazine.com/news/security-incident-cardiocomm/

Tampa General Hospital Data Breach Impacts 1.2 Million Patients
https://www.infosecurity-magazine.com/news/tampa-hospital-data-breach/

The passing of Kevin Mitnick, Ukraine grabs 150k SIM cards, and more!

Fri, 21 Jul 2023 10:47:27 -0400

Today morning Erich and Javvad recount their experiences with the famed hacker and colleague Kevin Mitnick, chat about a Ukrainian takedown netting 150k SIM cards, concernes over the Frenchies plan to use AI to surveil the Paris olympics, Microsoft deciding that allowing access to security logs, without a fee, is good, and much more from the world of #cybersecurity.

Stories from the show:

Kevin Mitnick passed away at 59
https://www.dignitymemorial.com/obituaries/las-vegas-nv/kevin-mitnick-11371668

French Assembly passes bill allowing police to remotely activate phone cameras and microphones for surveillance
https://www.engadget.com/french-assembly-passes-bill-allowing-police-to-remotely-activate-phone-cameras-and-microphones-for-surveillance-210539401.html

Paris 2024 Olympics: Concern over French plan for AI surveillance
https://www.bbc.co.uk/news/world-europe-66122743

Under CISA pressure, err collaboration, Microsoft makes cloud security logs available for free
https://www.theregister.com/2023/07/20/under_cisa_spressures_collaboration_microsoft/

Ukraine takes down massive bot farm, seizes 150,000 SIM cards
https://www.bleepingcomputer.com/news/security/ukraine-takes-down-massive-bot-farm-seizes-150-000-sim-cards/

US gov email hacked, security geek goes rogue, and much more!

Fri, 14 Jul 2023 10:40:17 -0400

In this episode Erich and Javvad talk about the US government email hack, an ethical hacker gone rogue, Ruskies tempting diplomats with a cheap car, and more #cybersecurity stories from this week.

Stories from the show:
Fewer Than 100 Scammers Responsible For Global Email Extortion
https://www.infosecurity-magazine.com/news/fewer-100-scammers-global-email/

Chinese Hackers Gained Access To Some U.S. Government Emails, Microsoft Says
https://www.forbes.com/sites/siladityaray/2023/07/12/chinese-hackers-gained-access-to-some-us-government-emails-microsoft-says/?sh=5f49e30c2a37

Russian hackers lured diplomats in Ukraine with cheap BMW ad
https://www.reuters.com/world/europe/russian-hackers-lured-embassy-workers-ukraine-with-an-ad-cheap-bmw-2023-07-12/

Cybersecurity professional accused of stealing $9M in crypto
https://techcrunch.com/2023/07/11/cybersecurity-professional-charged-for-stealing-9-million-in-crypto/?guccounter=1

Number of email-based phishing attacks surges 464%
https://www.helpnetsecurity.com/2023/07/10/evolving-cyberattack-landscape/

Indian developer fired 90 percent of tech support team, outsourced the job to AI
https://www.theregister.com/2023/07/13/dukaan_ai_support_replacement/

Anatsa targets Androids, more MOVEit trouble and much more

Fri, 30 Jun 2023 12:27:10 -0400

In this episode Erich and Javvad discuss the issues with the Anatsa malware being spread on the Google Play store, the issue Siemens Energy has with MOVEit and pilot data being lost in a breach. This and much more!

Stories from the show:
‘Anatsa’ malware targets banking users in US, UK and Central Europe
https://siliconangle.com/2023/06/27/anatsa-malware-targets-banking-users-us-uk-central-europe/

Siemens Energy confirms data breach after MOVEit data-theftattack
https://www.bleepingcomputer.com/news/security/siemens-energy-confirms-data-breach-after-moveit-data-theft-attack/

Pilot data of American Airlines and Southwest stolen in data breach
https://www.csoonline.com/article/643352/pilot-data-of-american-airlines-and-southwest-stolen-in-data-breach.html

Apple 0-Day, Every Louisiana drivers licence hold info dumped and more!

Fri, 23 Jun 2023 10:27:32 -0400

In this episode we discuss the new Apple 0-day, the Lousiana MVD losing info on millions of licensed drivers in the state, and more #cybersecurity stories!

Stories from the show:

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

https://thehackernews.com/2023/06/zero-day-alert-apple-releases-patches.html

Every Louisiana driver’s license holder exposed in colossal cyber-attack

https://www.theguardian.com/us-news/2023/jun/16/louisiana-drivers-license-hack-cyber-attack

FTC accuses DNA testing company of lying about dumping samples

https://www.theregister.com/2023/06/21/dna_testing_company_ftc_complaint/

US Offers $10m Reward For MOVEit Attackers

https://www.infosecurity-magazine.com/news/us-offers-10m-reward-for-moveit/

Ring gets fined, Android app starts spying, RaidForums members leaked and more!

Fri, 02 Jun 2023 10:44:33 -0400

In this episode, Erich and Javvad cover the top #cybersecurity stories of the week including the settlment over Ring and Alexa, and Andriod app that started spying, a dark web data link with RaidForums member info, and much more!

Stories from the show:

Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine

https://www.theregister.com/2023/06/01/ftc_alexa_ring_amazon_settlement/

Most CEOs now see cybersecurity as more important than economic performance

https://www.techradar.com/news/most-ceos-now-see-cybersecurity-as-more-important-than-economic-performance

Check your phone: Popular Android app reportedly started spying on users, making recordings

https://www.msn.com/en-us/money/other/check-your-phone-popular-android-app-reportedly-started-spying-on-users-making-recordings/ar-AA1bUISq

Dark Web Data Leak Exposes RaidForums Members

https://www.infosecurity-magazine.com/news/data-leak-exposes-raidforums/

Government publishes guidelines on cybersecurity

https://www.rte.ie/news/business/2023/0601/1386968-government-publishes-guidelines-on-cybersecurity/

Meta hit with a huge fine, Dish loses data, bad bet on DraftKings and more!

Fri, 26 May 2023 10:59:19 -0400

In this episode, Erich and Javvad talk about Dish breach, an IT worker that piggybacked on a hackers extortion attempt, Googles new .zip and .mov domains, Met's huge $1.3B fine, and much more #cybersecurity news!

Stories from the show:

Dish confirms 300,000 peoples data was exposed in February’s attack
https://www.theregister.com/2023/05/23/dish_networks/

IT Worker Admits Piggybacking on Hacker's Extortion Attempt
https://www.inforisktoday.com/worker-admits-piggybacking-on-hackers-extortion-attempt-a-22142

18-year-old charged with hacking 60,000 DraftKings betting accounts
https://www.bleepingcomputer.com/news/security/18-year-old-charged-with-hacking-60-000-draftkings-betting-accounts/

Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool

Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations
https://www.darkreading.com/endpoint/meta-hit-1-3b-record-breaking-fine-gdpr-violations

Tik Tok banned in Montana, insurance = ransomware victims and more!

Fri, 19 May 2023 11:15:33 -0400

In this episode Erich and Javvad discuss the weekly stories in #cybersecurity, including the Tik Tok ban in Montana, insured organizations are more likely to be ransomware victims, OpenAI CEO calls for slowing and more!

Stories from the show:

TikTok: Montana to become first US state to ban app on personal devices

https://www.bbc.com/news/business-65630201

Insured companies more likely to be ransomware victims, sometimes more than once

https://www.csoonline.com/article/3696350/insured-companies-more-likely-to-be-ransomware-victims-sometimes-more-than-once.html

UK Pension Scheme: Members Should Assume Capita Data Theft

https://www.infosecurity-magazine.com/news/pension-scheme-members-capita-data/

Sam Altman: CEO of OpenAI calls for US to regulate artificial intelligence

https://www.bbc.com/news/world-us-canada-65616866

Upstart encryption app walks back privacy claims, pulls from stores after probe

https://www.theregister.com/2023/05/17/converso_e2ee_app/

Back from some time off. Some key cybersecurity stories of the past few weeks

Fri, 12 May 2023 11:56:29 -0400

In this episode, Javvad and Erich recover from a crazy April and early May, but are back live to chat about some top cyber stories.

Stories from the show:

Deconstructing a Cybersecurity Event
https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/

European Parliament points to Morocco as ‘possibly’ responsible for Pegasus spying
https://thediplomatinspain.com/en/2023/05/european-parliament-points-to-morocco-as-possibly-responsible-for-pegasus-spying/

India to send official whassup to WhatsApp after massive spamstorm
https://www.theregister.com/2023/05/12/india_whatsapp_spam_privacy_demands/

HP Firmware update blocks 3rd party ink
https://twitter.com/dcuthbert/status/1656926678096986112?s=20

NCSC and ICO Dispel Incident Reporting Myths
https://www.infosecurity-magazine.com/news/ncsc-ico-dispel-incident-reporting/

Bad Bots Now Account For 30% of All Internet Traffic
https://www.infosecurity-magazine.com/news/bad-bots-now-comprise-30-of-all/

Ransomware payments nearly double in one year
https://www.theguardian.com/technology/2023/may/10/ransomware-payments-nearly-double-in-one-year

Millions of mobile phones come pre-infected with malware, say researchers
https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/

Hacking coffee shops, hillariously bad security, FUD around juice jacking and more!

Fri, 14 Apr 2023 10:00:00 -0400

In this episode, Erich and Javvad talk about the Ruskies hacking Ukrainian coffe shop cameras, FTX's 'cybersecurity' (quotes are on purpose), Latitude Financial's decision not to pay and the FUD around juice jacking. All of this and more #cybersecurity news and information.

Stories from the show:
Russian hackers ‘target security cameras inside Ukraine coffee shops’
https://www.theguardian.com/world/2023/apr/11/russian-hackers-target-security-cameras-inside-ukraine-coffee-shops

PSA: Public Phone Charging Ports Are Malware Magnets
https://www.pcmag.com/news/psa-public-phone-charging-ports-are-malware-magnets

FTX's Cybersecurity Was Hilariously Bad
https://gizmodo.com/ftx-sam-bankman-fried-cybersecurity-hacking-crypto-1850321150

Latitude Financial Refuses to Pay Ransom
https://www.infosecurity-magazine.com/news/latitude-financial-refuses-to-pay/

Marketplace takedown, Uber... again, Telegram is the new marketplace and more!

Fri, 07 Apr 2023 11:02:00 -0400

In thie episode, Erich and Javvad chat about the latest news in #cybersecurity, including another data breach thanks to Uber, IT folks being pressured into silence, UK drops the ball on crime records, and Telegram is replacing (or augmenting) marketplaces. All of this and more #infosec news!

Don't forget to like and subscribe

Stories from the show:
IT and security pros pressured to keep quiet about data breaches
https://www.helpnetsecurity.com/2023/04/06/pressure-keeping-breaches-confidential/

Uber suffers another data breach after law firm’s servers attacked
https://www.siliconrepublic.com/enterprise/uuber-data-breach-driver-info-stolen-law-firm-genova-burns

Travel visa delays after UK’s crime records office hit by cyber ‘incident’
https://www.standard.co.uk/news/uk/travel-visa-delays-nz-australia-us-acro-cybersecurity-police-certificates-data-breach-b1072351.html

Telegram now the go-to place for selling phishing tools and services
https://www.bleepingcomputer.com/news/security/telegram-now-the-go-to-place-for-selling-phishing-tools-and-services/

Takedown of notorious hacker marketplace selling your identity to criminals
https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-notorious-hacker-marketplace-selling-your-identity-to-criminals

ChatCPT crime, Ukrainian cops bust phishing gang and crazy ransomware stats

Fri, 31 Mar 2023 10:33:34 -0400

In this episode, Erich and Javvad discuss how ChatGPT is being used to commit crimes, a phishing gang bust by Ukrainian cops and some rather staggering (and suspicious) ransomware stats. All this and more live at 10am Eastern.

Stories from the show:

Belgian intelligence puts Huawei on its watchlist
https://www.politico.eu/article/belgian-intelligence-huawei-watchlist-espionage-china-eu-nato/

Cybercrime, fraud using ChatGPT on the rise, says Europol
https://www.scmagazine.com/brief/cybercrime/cybercrime-fraud-using-chatgpt-on-the-rise-says-europol

Survey finds that almost three quarters of organizations were hit by a successful ransomware attack in 2022
https://www.continuitycentral.com/index.php/news/technology/8361-survey-finds-that-almost-three-quarters-of-organizations-were-hit-by-a-successful-ransomware-attack-in-2022

Ukrainian Police Bust Multimillion-Dollar Phishing Gang
https://www.infosecurity-magazine.com/news/ukrainian-police-bust-phishing/

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts
https://thehackernews.com/2023/03/fake-chatgpt-chrome-browser-extension.html

Windows is cracked, ransomware cover ups, medical data shared with social media, and more!

Fri, 17 Mar 2023 11:43:33 -0400

In this episode Erich and Javvad Microsoft cracking windows, what it costs when you cover up a ransomware attack, medical info being shared with social media giants, and much more! Check us out at 10am Eastern Time

Stories from the show:

What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge
https://www.theregister.com/2023/03/10/sec_blackbaud_3m_penalty/

Microsoft support 'cracks' Windows for customer after activation fails
https://www.bleepingcomputer.com/news/security/microsoft-support-cracks-windows-for-customer-after-activation-fails/

Cerebral admits to sharing patient data with Meta, TikTok, and Google
https://www.theverge.com/2023/3/11/23635518/cerebral-patient-data-meta-tiktok-google-pixel

Humans Still More Effective Than ChatGPT at Phishing
https://www.infosecurity-magazine.com/news/humans-more-effective-chatgpt/

Dole doesn’t expect to recover full costs of ransomware attack
https://www.cybersecuritydive.com/news/dole-recovery-ransomware-attack/644445/

Cyber attack affecting Gloucester museum's system one year on
https://www.bbc.com/news/uk-england-gloucestershire-64917275

Acer hacked, Ruskies post nudez, old Plex install = LastPass hack and more

Fri, 10 Mar 2023 10:44:02 -0500

In this episode Erich and Javvad disucss the Acer hack, a story where a Russian cybercrime gang dumped naked pics of cancer patients when a hospital wouldn't pay the ransom, and how an old version of Plex lead to the latest LastPass hack.

All this and more

Show Notes:

'THE' Video:
A Facebook message that sparked hope
https://www.youtube.com/watch?v=-OH99CFzhFM

Acer confirms server intrusion after miscreant offers 160GB cache of stolen files
https://www.theregister.com/2023/03/08/acer_confirms_server_breach/

LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
https://thehackernews.com/2023/03/lastpass-hack-engineers-failure-to.html

Russian hackers post NAKED photos of Pennsylvania cancer patients receiving treatment to dark web
https://www.dailymail.co.uk/news/article-11833591/Russian-hackers-post-NAKED-photos-Pennsylvania-cancer-patients-hospital-refused-ransom.html

LastPass (Again), U.S. Marshals get hit with ransomware and more

Fri, 03 Mar 2023 11:20:15 -0500

In this episode Erich Javvad discuss important #cybersecurity stories including... Lastpass... again, the U.S. Marshals get pwned by #ransomware, and much more.

Stories from the show:

U.S. Marshals Service suffers 'major' security breach
https://www.nbcnews.com/politics/politics-news/major-us-marshals-service-hack-compromises-sensitive-info-rcna72581

LastPass says employee’s home computer was hacked and corporate vault taken
https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/

Salesforce to sweat assets
https://www.theregister.com/2023/03/02/salesforce_q4_fy_2023/

Hacker leaks alleged Activision employee data on cybercrime forum
https://www.bleepingcomputer.com/news/security/hacker-leaks-alleged-activision-employee-data-on-cybercrime-forum/

NameCheap email hacked, GoDaddy breached for years and WhatsApp woes

Fri, 24 Feb 2023 11:29:49 -0500

In this episode, Erich and Javvad discuss the hack of NameCheap's email, which was used to send phishing emails, how Godaddy has been breached for years, accidental WhatsApp account takeovers and more.

Stories from the show:

NameCheap's email hacked to send Metamask, DHL phishing emails
https://www.bleepingcomputer.com/news/security/namecheaps-email-hacked-to-send-metamask-dhl-phishing-emails/

How a women’s ‘disdain for email guff’ stopped a Putin hack six years on
https://www.independent.co.uk/news/uk/home-news/russia-ukraine-email-putin-hack-b2280580.html

GoDaddy: Hackers stole source code, installed malware in multi-year breach
https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/

Accidental WhatsApp account takeovers? It's a thing
https://www.theregister.com/2023/02/21/accidental_whatsapp_account_takeover/

European Commission bans TikTok on staff devices
https://www.bbc.co.uk/news/technology-64743991

Weee! a Breach, Cyber Diplomat Hacked, Reddit Phished and More!

Fri, 10 Feb 2023 10:44:40 -0500

In this episode, Erich and Javvad discuss the weeks top cybersecurity issues and stories, including the Reddit hack, a top US cybersecurity diplomat's persona Twitter getting pwned, talk about a VMware 0-day and Weee! dealing witha not-so-fun breach.

All of this and more live on Linkedin, Facebook, Twitch and YouTube!

Don't forget to like and subscribe

Stories from the show:
The Top U.S. Cybersecurity Diplomat's Personal Twitter Account Was Hacked
https://www.forbes.com/sites/petersuciu/2023/02/06/the-top-us-cybersecurity-diplomats-personal-twitter-account-was-hacked/?sh=3918883d4d7e

VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree
https://thehackernews.com/2023/02/vmware-finds-no-evidence-of-0-day-flaw.html

Weee! grocery service confirms data breach, 1.1 million affected
https://www.bleepingcomputer.com/news/security/weee-grocery-service-confirms-data-breach-11-million-affected/

Reddit: We had a security incident. Here’s what we know.
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/

£3.9B Fraud and Cybercrime in the UK, ‘The Pooping Perpetrator’, SwiftSlicer Wiper and More

Fri, 03 Feb 2023 10:39:55 -0500

In this episode, Erich and Javvad discuss fraud in the UK, the 'Pooping Perpertrator' gets flushed out, a new Russian wiper is spotted and much, much more!

Join us on LinkedIn to comment live!

Stories from the show:

Over £3.9 BILLION has been lost to fraud and cybercrimes in the last 13 months across the UK
https://ifamagazine.com/article/over-3-9-billion-has-been-lost-to-fraud-and-cybercrimes-in-the-last-13-months-across-the-uk/

Florida Authorities Arrest ‘The Pooping Perpetrator’ for Burglary After Suspect Jumped Naked into River and was Rescued by Police
https://lawandcrime.com/crime/florida-authorities-arrest-the-pooping-perpetrator-for-burglary-after-suspect-jumped-naked-into-river-and-was-rescued-by-police/?ICID=ref_fark

Hackers use new SwiftSlicer wiper to destroy Windows domains
https://www.bleepingcomputer.com/news/security/hackers-use-new-swiftslicer-wiper-to-destroy-windows-domains/

Insider attacks becoming more frequent, more difficult to detect
https://www.helpnetsecurity.com/2023/01/30/detect-insider-attacks/

Anker finally comes clean about its Eufy security cameras
https://www.theverge.com/23573362/anker-eufy-security-camera-answers-encryption

The Feds Bust a Hive, Refunds Scams and More!

Fri, 27 Jan 2023 11:10:31 -0500

In this episode, Erich and Javvad discuss the Hive ransomware group takedown, some refund scams, RMM tool attacks and more.

Stories from the show:

DOJ disrupts major ransomware group
https://www.nbcnews.com/tech/security/doj-disrupts-major-ransomware-group-rcna67627

CISA says federal agencies attacked in refund scam through remote management software
https://therecord.media/cisa-says-federal-agencies-attacked-in-refund-scam-through-remote-management-software/

GoTo says hackers stole encrypted backups during November cyberattack
https://therecord.media/goto-says-hackers-stole-encrypted-backups-during-november-cyberattack/

Odin Defaced, PayPal Loses SSNs, Nissan Has a Vendor Leak, and More!

Fri, 20 Jan 2023 11:04:59 -0500

In this episode we discuss the PayPal issue, Nissan's vendor leaking data an org that gets defaced after ignoring vulnerability warnings, and more!

Stories from the show:

Social Security Numbers Stolen in PayPal Cyberattack
https://www.cnet.com/tech/services-and-software/social-security-numbers-stolen-in-paypal-cyber-attack/

Nissan North America data breach caused by vendor-exposed database
https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-caused-by-vendor-exposed-database/

ODIN Intelligence website is defaced as hackers claim breach
https://techcrunch.com/2023/01/15/odin-intelligence-website-defaced-sweepwizard/

MailChimp second breach in a year
https://www.theregister.com/2023/01/19/mailchimp_fesses_up_to_2nd/

Solaris taken over by kraken
https://www.bleepingcomputer.com/news/security/illegal-solaris-darknet-market-hijacked-by-competitor-kraken/

It’s a new year! CES Wrap Up, Is Every Outage a Hack? and More

Fri, 13 Jan 2023 11:34:49 -0500

In this episode we welcome in the new year, chat about the future in 2023, recap Erich's trip to CES, talk about the big news of the last couple of weeks, and more.

Stories from the show:

'No Evidence' of Cyberattack Related to FAA Outage, White House Says
https://www.securityweek.com/no-evidence-cyberattack-related-faa-outage-white-house-says

Guardian Tells Workers Their Data Was Compromised in Ransomware Hack
https://www.bloomberg.com/news/articles/2023-01-11/guardian-tells-staff-their-data-was-accessed-in-ransomware-hack

Royal Mail ransomware attackers threaten to publish stolen data
https://www.theguardian.com/business/2023/jan/12/royal-mail-ransomware-attackers-threaten-to-publish-stolen-data

Caught on Camera: Group of thieves accidentally break into Alhambra diaper business
https://www.cbsnews.com/losangeles/news/caught-on-camera-group-of-thieves-accidentally-break-into-alhambra-diaper-business/

Don’t answer another online quiz question until you read this
https://consumer.ftc.gov/consumer-alerts/2023/01/dont-answer-another-online-quiz-question-until-you-read

BlackHat Europe, Android Malware Parasite, Scammers Scamming Scammers and More!

Fri, 09 Dec 2022 11:33:15 -0500

In this episode, Javvad gives hjs report on BlackHat Europe and tells of his upcoming trip to BSides London, a story about scammers scamming each other out of millions of dollars, and an interesting andriod malware that parasites on legit apps. All this and more!

Jargon Ruining Security, over 40% of Work Emails are Junk, and Your Password is What?

Fri, 02 Dec 2022 11:19:46 -0500

In this episode, Erich and Javvad discuss the jargon issue in #cybersecurity, the overwhelming issue of garbage email, the continued trend for crap passwords and more.

Stories from the show:

Cybersecurity jargon impacting communication between C-suite and specialists
https://www.information-age.com/cybersecurity-jargon-impacting-communication-between-c-suite-specialists-123500747/

Unwanted emails steadily creeping into inboxes
https://www.helpnetsecurity.com/2022/11/14/email-security-threats/

Mass Email Extortion Campaign Claims Server Hack
https://www.infosecurity-magazine.com/news/mass-email-extortion-claims-server/

Guess the most common password. Hint: We just told you
https://www.theregister.com/2022/11/25/infosec_roundup/

Liz Truss’ phone hacked, $4M in network access for sale, and more!

Fri, 04 Nov 2022 11:01:23 -0400

In This episode, Erich and Javvad discuss the hack of Liz Truss' phone, the offering of $4M worth of initial network access, the FTC crack down on a repeat offender and more!

Stories from the show

Hackers selling access to 576 corporate networks for $4 million

https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/

FTC Cracks Down on Homework App Provider Chegg for 4 Past Data Breaches

https://www.pcmag.com/news/ftc-cracks-down-on-homework-app-provider-chegg-for-4-past-data-breaches

Liz Truss' phone was 'clearly hacked', says minister

https://news.stv.tv/world/liz-truss-phone-was-clearly-hacked-says-minister

People are pretending to be laid-off Twitter employees carrying boxes outside of HQ

https://www.theverge.com/2022/10/28/23428775/twitter-fake-employee-layoff-rahul-ligma-elon-musk

Purged accounts on LinkedIn, bad Android apps and Raccoon steals 50M credentials

Fri, 28 Oct 2022 10:28:06 -0400

In this episode, Erich and Javvad discuss the cybersecurity stories of the week, including some significant convictions, bots and LinkedIn battle, CVE PoCs used to spread malware and much more!

Stories from the show:

EFCC touts 1,968 cybercrime-related convictions secured in nine months
https://punchng.com/2669-convictions-secured-in-nine-months-efcc/

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn
https://krebsonsecurity.com/2022/10/battle-with-bots-prompts-mass-purge-of-amazon-apple-employee-accounts-on-linkedin/

Security experts targeted with malicious CVE PoC exploits on GitHub
https://securityaffairs.co/wordpress/137527/hacking/malicious-github-repositories.html

Google bans 16 popular Android apps! Millions warned to delete them now
https://www.express.co.uk/life-style/science-technology/1687205/Android-warning-delete-Google-Play-Store-apps-now

See Tickets discloses 2.5 years-long credit card theft breach
https://www.bleepingcomputer.com/news/security/see-tickets-discloses-25-years-long-credit-card-theft-breach/

Feds say Ukrainian man running malware service amassed 50M unique credentials
https://arstechnica.com/information-technology/2022/10/feds-say-ukrainian-man-running-malware-service-amassed-50m-unique-credentials/

Ransomware Gang Gets Scammed, Scammed by an Astronaut and More!

Fri, 21 Oct 2022 11:39:20 -0400

In this episode, Erich and Javvad talk about a woman who was scammed by an 'astronaut' that needed money to get home from the space station, the failure of Microsoft to secure their own product, Chinese police stations around the world, how the Dutch scammed a ransomware gang into giving up decryption keys, and more!

Stories from the show:

An Imposter Claiming to Be an Astronaut Wooed a Japanese Woman Into Paying for a 'Return Ticket to Earth'
https://gizmodo.com/astronaut-iss-instagram-1849638814

Microsoft data breach exposes customers’ contact info, emails
https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/

China opens police stations in Nigeria, clamps down on alleged Chinese fraudsters
https://gazettengr.com/china-opens-police-stations-in-nigeria-clamps-down-on-alleged-chinese-fraudsters/

Police tricked a ransomware gang into handing over its decryption keys. Here's how they did it
https://www.zdnet.com/article/police-tricked-a-ransomware-gang-into-handing-over-its-decryption-keys-heres-how-they-did-it/

Mobile Problems Abound - Android Apps and VPN Service Problems and More

Fri, 14 Oct 2022 11:09:20 -0400

In this episode Javvad and Erich discuss a number of issues with Android phones, including an unofficial WhatsApp app stealing user accounts, how the Always-on VPN is leaking traffic and more.

Stories from the show:

Unofficial WhatsApp Android app caught stealing users’ accounts
https://www.bleepingcomputer.com/news/security/unofficial-whatsapp-android-app-caught-stealing-users-accounts/

Facebook Login Details at Risk as Meta Identifies Over 400 Malicious Apps
https://www.infosecurity-magazine.com/news/facebook-login-details-at-risk/

Android leaks some traffic even when 'Always-on VPN' is enabled
https://www.bleepingcomputer.com/news/google/android-leaks-some-traffic-even-when-always-on-vpn-is-enabled/

Lloyd's of London cuts off network after dodgy activity detected
https://www.theregister.com/2022/10/07/lloyds_london_security_incident/

Human trafficking in cybercrime, social media identity theft and more

Fri, 07 Oct 2022 12:05:52 -0400

In this episode, Erich and Javvad talking about human trafficking related to cybercrime operations, social media account takeovers and more!

Stories from the show:

Guilty verdict in the Uber breach case makes personal liability real for CISOs
https://www.csoonline.com/article/3676148/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html

Jury Finds Former Uber CSO Joe Sullivan Guilty of Cover-Up
https://www.govinfosecurity.com/jury-finds-former-uber-cso-joe-sullivan-guilty-cover-up-a-20187

Twitter post by Whitney Merrill - @wbm312
https://twitter.com/wbm312/status/1577827226196013056

SUPERSEDING INDICTMENT
https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/sullivansupersedingindictment-dec222021.pdf

Twitter whistleblower tells Senate of ‘egregious’ security failings by company
https://www.theguardian.com/technology/2022/sep/13/twitter-whistleblower-testimony-congress-peiter-zatko

Hundreds of Indians Reportedly Trafficked to Myanmar by Cybercrime Operations
https://www.irrawaddy.com/news/burma/hundreds-of-indians-reportedly-trafficked-to-myanmar-by-cybercrime-operations.html/amp

Police arrest teen for using leaked Optus data to extort victims
https://www.bleepingcomputer.com/news/security/police-arrest-teen-for-using-leaked-optus-data-to-extort-victims/

An identity scam that has grown in the past 12 months by more than 1,000% - social media account takeover
https://www.idtheftcenter.org/wp-content/uploads/2022/09/2022-Consumer-Impact-Report_V3.4_Final_Linked.pdf

An Uber incident, WeTransfer used to spread malware and much more!

Fri, 16 Sep 2022 11:43:24 -0400

In this episode, Erich and Javvad speak about the Uber breach, using WeTransfer to spread malware, UK folks fear that their kids will turn to cybercrime due to the rising cost-of-living, and more.

Stories from the show:

Uber investigating 'cybersecurity incident' after report of breach
https://www.reuters.com/business/autos-transportation/uber-investigating-computer-network-breach-nyt-2022-09-16/

Cybercrime Fears for Children as Cost-of-Living Bites
https://www.infosecurity-magazine.com/news/cybercrime-fears-children/

Hackers are using WeTransfer links to spread malware
https://www.msn.com/en-us/news/technology/hackers-are-using-wetransfer-links-to-spread-malware/ar-AA11MEiM

Hackers now use ‘sock puppets’ for more realistic phishing attacks
https://www.bleepingcomputer.com/news/security/hackers-now-use-sock-puppets-for-more-realistic-phishing-attacks/

Hong Kong consumers want right to choose when firms use AI
https://www.zdnet.com/article/hong-kong-consumers-want-right-to-choose-when-firms-use-ai/

Log4j Still a Problem, Credential Stuffing Yeilds 200k Accounts and more!

Fri, 09 Sep 2022 12:09:45 -0400

This week, Javvad and Erich discuss the campaign the Lazarus group is using against US energy companies, surveillance camera access for sale, and how credential stuffing compromised almost 200k accounts at North Face. All this and more!

Stories from the show:

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

200,000 North Face accounts hacked in credential stuffing attack
https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/

North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies
https://techcrunch.com/2022/09/08/north-korea-lazarus-united-states-energy/

How the ‘man in black’ was exposed by the Russian women he terrorised

https://www.bbc.com/news/world-europe-62799246

Stealthy Coinminers, Ransomware Victims List Over Doubles and More!

Fri, 02 Sep 2022 10:11:00 -0400

In this episode, Javvad and Erich discussa crafty coinminer malware that lays dormant for a while, Okta credential thefts, a huge increase in potential victims of a ransomware attack, and a possible device that allows bad actors to simulate swipes and taps on phones from under a table.

All this and more!

Accepted the Risk Video:
https://www.youtube.com/watch?v=9IG3zqvUqJY

Stories from the show:

Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply-Chain Attack
https://www.darkreading.com/remote-workforce/twilio-hackers-okta-credentials-sprawling-supply-chain-attack

Windows malware delays coinminer install by a month to evade detection
https://www.bleepingcomputer.com/news/security/windows-malware-delays-coinminer-install-by-a-month-to-evade-detection/

Individuals affected by vendor ransomware attack reaches 2.7M
https://www.beckershospitalreview.com/cybersecurity/vendor-ransomware-attack-affects-2-7m-healthcare-organizations.html

Hacking device can secretly swipe and tap your smartphone screen
https://www.newscientist.com/article/2335970-hacking-device-can-secretly-swipe-and-tap-your-smartphone-screen/

On the Road, Twitter is a Mess, French Hospital Down, and More

Fri, 26 Aug 2022 10:55:09 -0400

In this episode, Erich is on the road in Dallas for the Podcast Movement conference, but him and Javvad still take the time out to discuss some major stories on cybersecurity this week.

Stories from the show:

LastPass developer systems hacked to steal source code
https://www.bleepingcomputer.com/news/security/lastpass-developer-systems-hacked-to-steal-source-code/

Twitter whistleblower alleges ‘egregious deficiencies’ in security measures
https://www.theguardian.com/technology/2022/aug/23/twitter-whistleblower-peiter-zatko-mudge-security

Cyber attackers disrupt services at French hospital, demand $10 million ransom
https://www.france24.com/en/europe/20220823-cyber-attackers-disrupt-services-at-french-hospital-demand-10-million-ransom

Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts
https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html

Cisco Hacked, and Black Hat 2022 Wrap Up

Fri, 12 Aug 2022 10:47:45 -0400

In this episode, Javvad and Erich talk about the Cisco hack and wrap up the 2022 Black Hat experience.

Stories from the show:

Las Vegas slammed with more flash floods as iconic strip, casinos under water again
https://nypost.com/2022/08/12/las-vegas-slammed-with-more-flash-floods-as-iconic-strip-casinos-under-water-again/

Smishing Attack Led to Major Twilio Breach
https://www.infosecurity-magazine.com/news/smishing-attack-led-to-major/

Cloudflare: Someone tried to pull the Twilio phishing tactic on us too
https://www.theregister.com/2022/08/10/cloudflare_twilio_phishing/

Cisco Talos shares insights related to recent cyber attack on Cisco
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html

FEMA Warns Systems Vulnerable, $190MIL in Crypto Stolen and Macros Cause Havok

Fri, 05 Aug 2022 10:38:59 -0400

Erich and Javvad discuss a crypto currency theft of around $190mil, FEMA warns about patching emergency alerts systems and macros have become a top way to spread ransomware, plus more stories of the week.

Join us live and chat with us on LinkedIn

Stories from the show:

Hack of US cryptocurrency firm Nomad leads to $190 million loss in bridge attack
https://www.scmagazine.com/analysis/breach/hack-of-us-cryptocurrency-firm-nomad-leads-to-190-million-loss-in-bridge-attack

87% of the ransomware found on the dark web has been delivered via malicious macros
https://www.helpnetsecurity.com/2022/08/03/ransomware-malicious-macros/

FEMA warns emergency alert systems could be hacked to transmit fake messages unless software is updated
https://www.cnn.com/2022/08/03/politics/fema-emergency-alert-software-warning/index.html

Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones
https://www.theregister.com/2022/08/03/tmobile_unlock_prison_phone/

What is your data worth, cyber attacks on shipping and much more!

Fri, 29 Jul 2022 11:25:52 -0400

In this episode Erich and Javvad discuss cyber attacks on the Port of Los Angeles, the value T-Mobile places on your data and much more!

T-Mobile Pitches $4-Per-Customer Settlement for Data Leak Impacting 80M People

https://www.darkreading.com/application-security/t-mobile-pitches-4-per-customer-settlement-for-data-leak

Cyber-attacks on Port of Los Angeles have doubled since pandemic

https://www.bbc.com/news/business-62260272

Fake Cisco gear, Microsoft warns about MFA resistant phish, and more!

Fri, 15 Jul 2022 10:46:41 -0400

In this episode, Javvad and Erich discuss a Florida man charged with selling fake Cisco gear, a phish designed to get around MFA, ransomware gangs allow searching of dumped data and Google updates their password manager.

Stories from the show:

Florida man charged with selling fake Cisco equipment in $1 billion scheme
https://www.reuters.com/world/us/florida-man-charged-with-selling-fake-cisco-equipment-1-bln-scheme-2022-07-08/

This big phish can swim around MFA, says Microsoft Security
https://www.theregister.com/2022/07/13/aitm-phishing-microsoft/

Ransomware gang now lets you search their stolen data
https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen-data/

Google Updates Password Manager With New Security, Management Tools
https://uk.pcmag.com/password-managers/141268/google-updates-password-manager-with-new-security-management-tools

India: How a fake 'IPL' cricket league ran for Russian punters
https://www.bbc.com/news/world-asia-india-62123966

Carnival gets a $5mil fine, Microsoft changes mind on macros, and more!

Fri, 08 Jul 2022 10:50:31 -0400

In this episode, Erich and Javvad talk about fake copyright infringement emails, Carnival cruise line is fined $5 for not having MFA, A Dutch univeristy makes money off a paid ransom, unemployment payments taken offline by ransomware and more.

Stories from the show:

Fake copyright infringement emails install LockBit ransomware
https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/

Cruise line operator Carnival hit with $5m fine for failing to implement multi-factor authentication and failing to conduct cyber security training for its staff.
https://www.itpro.co.uk/security/cyber-security/368362/carnival-hit-with-5-million-fine-over-cyber-security-violations

Dutch University retrieves Bitcoin ransomware payment and makes a profit
https://www.theregister.com/2022/07/05/maastricht_university_ransom_return/

Cyberattack shuts down unemployment, labor websites across the US
https://www.theregister.com/2022/07/01/gsi-cyberattack-state-unemployment/

Supermarket chain Wegmans settles with New York over data breach
https://www.reuters.com/business/retail-consumer/supermarket-chain-wegmans-settles-with-new-york-over-data-breach-2022-06-30/

Google Updates Password Manager With New Security, Management Tools
https://uk.pcmag.com/password-managers/141268/google-updates-password-manager-with-new-security-management-tools

Microsoft rolls back decision to block Office macros by default
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-back-decision-to-block-office-macros-by-default/

Voices from the dead, CISA gets serious, and much more!

Fri, 24 Jun 2022 11:40:38 -0400

In this episode, Javvad and Erich chat about Alexa bringing voices from the dead, CISA getting serious about Log4Shell, AI being alive and much, much more.

Stories from the show:

CISA: Log4Shell exploits still being used to hack VMware servers
https://www.bleepingcomputer.com/news/security/cisa-log4shell-exploits-still-being-used-to-hack-vmware-servers/

Conti ransomware hacking spree breaches over 40 orgs in a month
https://www.bleepingcomputer.com/news/security/conti-ransomware-hacking-spree-breaches-over-40-orgs-in-a-month/

Google engineer put on leave after saying AI chatbot has become sentient
https://www.theguardian.com/technology/2022/jun/12/google-engineer-ai-bot-sentient-blake-lemoine

Alexa could soon speak in a dead relative's voice
https://www.npr.org/2022/06/23/1107079194/amazon-alexa-dead-relatives-voice

Burnout, False Hope, and Bad Practices Spell Trouble

Fri, 17 Jun 2022 10:33:07 -0400

Today James McQuiggan (who is in for Javvad) discuss burnout in security folks, reliance on endpoint protection, and how an Elasticsearch server with no password or encryption lost 1 million records.

All this and more on today's show

Stories from the show:

New research reveals overreliance on endpoint protection could be putting organizations at higher risk of exposure to ransomware
https://www.securityinfowatch.com/cybersecurity/information-security/breach-detection/press-release/21271323/gigamon-new-research-reveals-overreliance-on-endpoint-protection-could-be-putting-organizations-at-higher-risk-of-exposure-to-ransomware

Elasticsearch server with no password or encryption leaks a million records
https://www.theregister.com/2022/06/16/storehub_data_leak/

The unrelenting threat of ransomware is pushing cybersecurity workers to quit
https://www.zdnet.com/article/the-unrelenting-threat-of-ransomware-is-driving-cybersecurity-workers-to-quit/

45% of cybersecurity pros are considering quitting the industry due to stress
https://www.helpnetsecurity.com/2022/06/13/cybersecurity-professionals-stress-levels/

Roblox Ransomware, EMOTET is Still Alive, 1 Million Facebook Creds Stolen in 4 Months, and More!

Fri, 10 Jun 2022 11:23:32 -0400

In this episode, Erich and Javvad discuss ransomware demanding payment through ROBLOX, a cybercriminal that stole over 1 million Facebook accounts in 4 months, a data breach exposes 2 million people's info, and they offer no help.

Stories from the show:

Bizarre ransomware sells decryptor on Roblox Game Pass store
https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/

A cybercriminal stole 1 million Facebook account credentials over 4 months
https://www.techrepublic.com/article/a-cybercriminal-stole-1-million-facebook-account-credentials-over-4-months/

Emotet malware detections surge 27-fold in first quarter
https://siliconangle.com/2022/06/09/emotet-malware-detections-surge-first-quarter/

Data breach at health care organization may affect 2 million
https://abcnews.go.com/Health/wireStory/data-breach-health-care-organization-affect-million-85262287

The Jerichshow Episode 88 - Twitter Fined, CFOs Mushroomed, and More!

Fri, 27 May 2022 10:48:06 -0400

In this episode, Erich and Javvad talk about the arrest of a phishing kingpin, in Nigeria surprisingly, the $150m fine Twitter just got, and a study showing that CFO's aren’t being included in ransomware talks.

All this and more in this episode.

Stories from the show:

FTC fines Twitter $150M for using 2FA info for targeted advertising:
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/

Multi-Continental Operation Leads to Arrest of Cybercrime Gang Leader:
https://www.infosecurity-magazine.com/news/operation-arrest-cybercrime-gange/

Most CFOs being left out of ransomware conversations:
https://www.computerweekly.com/news/252520714/Most-CFOs-being-left-out-of-ransomware-conversations

New virus forces people to donate to the poor if they want their data recovered:
https://metro.co.uk/2022/05/24/new-ransomware-demands-victims-donate-to-the-poor-to-unlock-their-data-16698304/

NCSC Report Reveals Phishing Lures Increasingly Disguised as Vaccine Appointments:
https://www.infosecurity-magazine.com/news/phishing-lures-disguised-as/

The Jerichshow Episode 87 - Cyberskills for Cheeseburgers

Fri, 27 May 2022 08:46:11 -0400

The Jerichshow Episode 86 - Planes, Wales, and NFT’s

Fri, 27 May 2022 08:42:22 -0400

The Jerich Show Episode 85 - Coke Hacked, Recruitment SNAFU and Much More!

Fri, 29 Apr 2022 10:36:25 -0400

In this episode Erich and Javvad talk about the Coke hack that may not have happened, the UK Army recruiting portal debacle, and Gloucester's choice not to have cyber insurance. All of this and more in this episode of the Jerich Show

Stories from the show:

Coca-Cola investigates hackers' claims of breach and data theft
https://www.bleepingcomputer.com/news/security/coca-cola-investigates-hackers-claims-of-breach-and-data-theft/

Gloucester council reveals more about why it was not insured against cyber attacks
https://www.gloucestershirelive.co.uk/news/gloucester-news/gloucester-council-reveals-more-not-6935231

Data Breach Disrupts UK Army Recruitment
https://www.infosecurity-magazine.com/news/data-breach-disrupts-uk-army/

North Korean hackers targeting journalists with novel malware

https://www.bleepingcomputer.com/news/security/north-korean-hackers-targeting-journalists-with-novel-malware/

The Jerich Show Episode 84 - Crypto Wallets Targeted, Arrests Made and more!

Fri, 15 Apr 2022 11:15:57 -0400

In this episode, Erich and Javvad cover stories about data breach emails being used to target crypto wallets, some arrests and charges filed against cyber criminals, WhatsApp voice message phishing emails, and much more!

Stories From the Show:

Fake Trezor data breach emails used to steal cryptocurrency wallets
https://www.bleepingcomputer.com/news/security/fake-trezor-data-breach-emails-used-to-steal-cryptocurrency-wallets/

UK charges two teenagers linked to the Lapsus$ hacking group
https://www.bleepingcomputer.com/news/security/uk-charges-two-teenagers-linked-to-the-lapsus-hacking-group/

GitHub can now auto-block commits containing API keys, auth tokens
https://www.bleepingcomputer.com/news/security/github-can-now-auto-block-commits-containing-api-keys-auth-tokens/

WhatsApp voice message phishing emails push info-stealing malware
https://www.bleepingcomputer.com/news/security/whatsapp-voice-message-phishing-emails-push-info-stealing-malware/

Hacking forum RaidForums shut down and founder arrested in global police operation
https://www.zdnet.com/article/hacking-forum-raidforums-shut-down-and-founder-arrested-in-global-police-operation/

Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems
https://www.wired.com/story/pipedream-ics-malware/

The Jerich Show Episode 83 - On the Road Again

Fri, 01 Apr 2022 15:07:39 -0400

In this episode, Erich joins Javvad from the airport in Nashville, Tennessee to discuss some of the top cybersecurity stories of the week.

The Jerich Show Episode 82 - Lapsus$ is still going, London Voter Info Leaked and More!

Fri, 25 Mar 2022 12:57:55 -0400

In this Episode, Erich and Javvad cover the weekly hot stories related to the Lapsus$ group, ISACA says we need more staff, London voter info leaked and more.

Stories from the show:

ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed
https://www.infosecurity-magazine.com/news/isaca-cybersecurity-understaffed/

Anonymous claims it has hacked the Central Bank of Russia
https://www.computerweekly.com/news/252515064/Anonymous-claims-it-has-hacked-the-Central-Bank-of-Russia

Over 40,000 London Voters Have Data Leaked to Strangers
https://www.infosecurity-magazine.com/news/over-40000-london-voters-data/

Microsoft confirms they were hacked by Lapsus$ extortion group
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-they-were-hacked-by-lapsus-extortion-group/

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
https://www.bbc.com/news/technology-60864283?fbclid=IwAR3NCh_dI68zqoFiqgC1oGxCLGHqBtM14pCmwa6p4J7YDxKBOVP6ckqXnnI

The Jerich Show Episode 81 - Russian AV, Meta Pays Fines and Much More!

Fri, 18 Mar 2022 11:13:38 -0400

In this episode, Javvad and Erich talk about the German Governement warning about using Russian anitivirus, Meta gets a fine and the CISSP gets a testing revamp. All this and more!

Stories from the show:

German Government Warns Against Using Russia's Kaspersky Antivirus Software
https://thehackernews.com/2022/03/german-government-warns-against-using.html

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018
https://thehackernews.com/2022/03/facebook-hit-with-186-million-gdpr-fine.html

Cyber security certification overhaul brings new questions and longer exams
https://www.itpro.co.uk/security/cyber-security/366966/cyber-security-certification-overhaul-longer-exam-questions

The Jerich Show Episode 80 - Samsung, NVIDIA and Lapsus$, Dirty Pipe and More

Fri, 11 Mar 2022 10:57:20 -0500

In this episode, Javvad and Erich chat about the Lapsus$ ransomware group and the attacks on NVIDIA and Samsung, Android malware and more!

Stories from the show:

Chinese phishing actors consistently targeting EU diplomats
https://www.bleepingcomputer.com/news/security/chinese-phishing-actors-consistently-targeting-eu-diplomats/

Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
https://threatpost.com/samsung-lapsus-ransomware-source-code/178791/

That Android antivirus could actually be malware
https://www.techradar.com/news/that-android-antivirus-could-actually-be-malware

'Dirty Pipe' Linux vulnerability discovered
https://www.zdnet.com/article/dirty-pipe-linux-vulnerability-discovered-fixed/

A Risk Question
https://twitter.com/jwgoerlich/status/1501941528628891648?s=20&t=IpRD0oVurIpM4x3zoR1Pdw

The Jerich Show Episode 79 - NVIDIA Hack back, Conti Code Leak and More!

Fri, 04 Mar 2022 11:01:09 -0500

In this episode, Javvad and Erich chat about the cybersecurity issues related to the Ukraine invasion, the Conti ransomware group has a lot of data dumped, and the folks that hit Nvidia, get hit back.

All of this and more!

Stories from the show:

83% of employees continue accessing old employer’s accounts
https://www.helpnetsecurity.com/2022/02/21/employees-maintaining-accounts-access/

Conti Ransomware Decryptor, TrickBot Source Code Leaked
https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/

Ransomware group claiming responsibility for Nvidia attack is hacked in turn
https://www.pcgamer.com/ransomware-group-claiming-responsibility-for-nvidia-attack-is-hacked-in-turn/

The Jerich Show Episode 78 - While the cat’s away... Guest host James McQuiggan

Fri, 18 Feb 2022 10:36:06 -0500

Javvad is away this week, so Erich is joined by James McQuiggan as they speak about the top #cybersecurity stories from the week.

Stories from the show:

Baltimore Conned Out of $375k
https://www.infosecurity-magazine.com/news/baltimore-conned-out-of-375k/

74% of ransomware revenue goes to Russia-linked hackers
https://www.bbc.com/news/technology-60378009

Venmo and other financial app users to get $58 million in settlement
https://www.consumeraffairs.com/news/venmo-and-other-financial-app-users-to-get-58-million-in-settlement-012422.html

US DOJ Announces Leader for New FBI Crypto Unit
https://blockchain.news/news/us-doj-announces-leader-for-new-fbi-crypto-unit

Super Bowl Ad Sparks QR Code Controversy
https://www.secureworld.io/industry-news/qr-code-controversy-super-bowl

The Jerich Show Episode 77 - Infotainment Crashes, Russian Crackdowns and More!

Fri, 11 Feb 2022 13:00:01 -0500

In this episode, Erich Kron and Javvad Malik chat about the weekly #infosec and #cybersecurity stories, including how Russia is cracking down on carders, infotainment system crashes and more.

Stories from the show:

Tech bug keeps Mazda radios locked in to NPR
https://www.bbc.com/news/technology-60333765

Intuit users warned over tax scam threatening to disable your account – here’s the fake email to look out for
https://www.the-sun.com/money/4620318/intuit-scam-phishing-fake-email-tax/

Russia arrests third hacking group, seizes carding forums
https://www.bleepingcomputer.com/news/security/russia-arrests-third-hacking-group-seizes-carding-forums/

Lazarus hackers target defense industry with fake Lockheed Martin job offers

https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-cryptocurrency-orgs-with-fake-job-offers/

The Lazarus Heist Podcast (an amazing podcast, really. Trust us!):
https://podcasts.apple.com/au/podcast/the-lazarus-heist/id1561990291

The Jerich Show Episode 76 - Perry Carpenter, The Inside Man Season 4 Premiere and More

Fri, 04 Feb 2022 11:25:13 -0500

In this episode, Erich and Javvad welcome Perry Carpenter, author of 'Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors' as we discuss the release of The Inside Man Season 4 and interesting weekly inforsec stories

Perry's LinkedIn Profile:
https://www.linkedin.com/in/perrycarpenter/

Perry's Twitter Profile:
https://twitter.com/PerryCarpenter (@PerryCarpenter)

Perry's Own (AWESOME) Podcast - 8th Layer Insights
https://thecyberwire.com/podcasts/8th-layer-insights

Stories from the show:

Facebook says Apple iOS privacy change will result in $10 billion revenue hit this year
https://www.cnbc.com/2022/02/02/facebook-says-apple-ios-privacy-change-will-cost-10-billion-this-year.html

Zimbra zero-day vulnerability actively exploited to steal emails
https://www.bleepingcomputer.com/news/security/zimbra-zero-day-vulnerability-actively-exploited-to-steal-emails/

Researchers use GPU fingerprinting to track users online
https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online/

Cyber-attack strikes German fuel supplies
https://www.bbc.com/news/technology-60215252

KP Snacks
https://www.bbc.co.uk/news/technology-60230077

Swissport
https://www.bleepingcomputer.com/news/security/swissport-ransomware-attack-delays-flights-disrupts-operations/

The Jerich Show Episode 75 - COVID Survival, Water Treatment and Much More!

Fri, 28 Jan 2022 10:37:33 -0500

In this episode, Javvad recovers from COVID, the US adds water supply to important things to protect, QNAP is getting attacked, China hijacks Aussie PM's account and Americans should expect the Ruskies to attack (in the cyberz)

All of this and more today. Don't miss this episode!

Stories from the show:

QNAP warns of new DeadBolt ransomware encrypting NAS devices
https://www.bleepingcomputer.com/news/security/qnap-warns-of-new-deadbolt-ransomware-encrypting-nas-devices/

DHS: Americans should be prepared for potential Russian cyberattacks
https://www.zdnet.com/article/dhs-warns-critical-infrastructure-orgs-local-governments-of-potential-for-russian-cyberattack/

China accused of hijacking Australia Prime Minister Scott Morrison's WeChat account
https://www.zdnet.com/article/china-accused-of-hijacking-australia-prime-minister-scott-morrisons-wechat-account/

Unmasking Poopsenders, The Anonymous Website That Sends People Fake Poop
https://www.vice.com/en/article/k7w3dx/unmasking-poopsenders-the-anonymous-website-that-sends-people-fake-poop

The Jerich Show Episode 74 - Ethan Smart from appNovi Chats About Weekly Stories, AppNovi and More!

Fri, 21 Jan 2022 11:26:48 -0500

In this episode Javvad and Erich are joined by Ethan Smart, Co-Founder and Head of Solutions Architecture at appNovi, as they discuss the #cybersecurity stories of the week and hear more about Ethan's passion for making the lives of practitioners easier.

Stories from the show:

DHL dethrones Microsoft as most imitated brand in phishing attacks
https://www.bleepingcomputer.com/news/security/dhl-dethrones-microsoft-as-most-imitated-brand-in-phishing-attacks/

Nintendo warns of spoofed sites pushing fake Switch discounts
https://www.bleepingcomputer.com/news/security/nintendo-warns-of-spoofed-sites-pushing-fake-switch-discounts/

Alexa outage
https://www.techradar.com/uk/news/live/amazon-alexa-down-the-smart-assistant-is-struggling-to-find-its-voice

NSO Group Spyware Reportedly Used by Israeli Police Force (Pegasus… again)
https://www.inforisktoday.com/israeli-officials-deny-claims-improper-spyware-use-a-18352

Scammers are putting QR code stickers on parking meters to trick people into paying them
https://www.businessinsider.com/scammers-qr-code-stickers-parking-meters-2022-1

The Jerich Show Episode 73 - We came back!

Fri, 14 Jan 2022 12:53:33 -0500

After a long couple of weeks off for the holiday season, we have returned to the scene with more news and insight about the state of #CyberSecurity. This week we discuss CES, Russian attacks on US infrastructure and much more!

The Jerich Show Episode 72 - The Festive Episode

Fri, 14 Jan 2022 12:52:08 -0500

In this, the last episode of 2021, Erich and Javvad chat about a propane problem, the Grinch steal payday, the log4j thing and stealing lotto tickets with an interesting end.

All this and more

Stories frome the show:

https://indianexpress.com/article/explained/log4j-vulnerability-cybersecurity-7671367/

https://www.thesun.co.uk/tech/17049490/christmas-payday-cancelled-hackers-ukg-ransomware-who-is-affected/

https://www.govinfosecurity.com/superior-plus-latest-fuel-supplier-hit-by-ransomware-a-18128

https://www.bbc.co.uk/news/uk-england-manchester-59654724

The Jerich Show Episode 71 - We ”Predict” This Will Be A Great Episode

Fri, 10 Dec 2021 11:27:59 -0500

In this special episode Javvad and Erich welcome Jelle Wieringa (@JelleWieringa), Roger Grimes (@rogeragrimes), Anna Collard @AnnaCollard3) and James McQuiggan (@James_McQuiggan) to the show for their 2022 cyber predictions.

How bad will things get? Will we have to welcome our new robotic overlords? Will shortages doom the Pumpkin Spice Latte? This and more may be answered in this episode, so be sure to join us.

The Jerich Show Episode 70 - IKEA Email Hacked and More!

Fri, 03 Dec 2021 11:46:03 -0500

In this episode @J4vv4d bows out and let’s @James_McQuiggan take over as they discuss the IKEA internal email issue, an attack on Planned Parenthood, a medical breach with unsuspecting victims and @ErichKron’s @InnocentOrg ambassadorship. All this and more, live!

Comment, like and share!

Stories from the show:
IKEA Internal Email Attack:
https://threatpost.com/ikea-email-reply-chain-attack/176625/

Cyber-Attack on Planned Parenthood
https://www.infosecurity-magazine.com/news/cyberattack-on-planned-parenthood/

Medsurant Health discloses ransomware incident, but not yet notifying patients:
https://www.databreaches.net/medsurant-health-discloses-ransomware-incident-but-not-yet-notifying-patients/

Former Ubiquiti engineer arrested for inside threat attack:
https://www.techtarget.com/searchsecurity/news/252510411/Former-Ubiquiti-engineer-arrested-for-inside-threat-attack

The Jerich Show Episode 69 - Going Live Streaming, What Could Go Wrong?

Mon, 29 Nov 2021 08:38:30 -0500

In this episode, Erich and Javvad chat about the #infosec and #cybersecurity stories of the week. Check them out and chat live with the hosts.

Stories from the show:

New Memento ransomware switches to WinRar after failing at encryption:
https://www.bleepingcomputer.com/news/security/new-memento-ransomware-switches-to-winrar-after-failing-at-encryption/

Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day:
https://www.zdnet.com/article/security-company-faces-backlash-for-waiting-12-months-to-disclose-palo-alto-0-day/

FBI system hacked to email 'urgent' warning about fake cyberattacks:
https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/

The Jerich Show Episode 68 - Medical Breach, Big Pharma, Robinhood Robbed, the South and Much More!

Fri, 12 Nov 2021 08:54:27 -0500

In this episode, Erich and Javvad discuss issues around a fertility clinic hack, another way big pharma is a hot mess, how Robinhood was swindled with simple social engineering and how North Korea is up to it's old tricks again.

Don't forget to Like, Share and Subscribe!

Stories from the show:

Hack leaves fertility clinic medical data at risk:
https://www.bbc.com/news/technology-59156683

EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms:
https://www.zdnet.com/article/eu-pharmaceutical-giants-run-old-vulnerable-apps-and-fail-to-use-encryption-in-login-forms/

Robinhood discloses data breach impacting 7 million customers:
https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-7-million-customers/

OTP Bot Call Audio:
https://soundcloud.com/user-233140213/otp-bot-call-audio

North Korean hackers target the South's think tanks through blog posts:
https://www.zdnet.com/article/north-korean-hackers-target-the-souths-think-tanks-through-blog-posts/

The Jerich Show Episode 67 - Cisco joins the present, Pegasus is blacklisted, Squidcrypto and more

Mon, 08 Nov 2021 08:57:08 -0500

In this episode Javvad and Erich discuss Cisco's decision to remover hard-coded credentials and SSH keys... finally, the US ban on Pegasus spyware, a Squid Game themed cryptocoin robbery, and parents being threatened after building a school app.

Stories from the show:

Cisco fixes hard-coded credentials and default SSH key issues:
https://www.bleepingcomputer.com/news/security/cisco-fixes-hard-coded-credentials-and-default-ssh-key-issues/

US Bans Trade With Pegasus Spyware Maker:
https://threatpost.com/pegasus-spyware-blacklisted-us/175999/

Squid Game crypto token collapses in apparent scam:
https://www.bbc.co.uk/news/business-59129466

These Parents Built a School App. Then the City Called the Cops:
https://www.wired.com/story/sweden-stockholm-school-app-open-source/

The Jerich Show Episode 66 - Groovy Revenge, NRA Gets Hacked, Iran... Out of Gas, and More!

Fri, 29 Oct 2021 08:18:41 -0400

This week, Erich and Javvad discuss some of the latest cybersecurity stories, including the NRA hack, North Korea is going after security vendors in supply chain attacks, some Iranian gas pumps are taken offline by a cyber attack and the Groove ransomware gang wants revenge on the US for taking down REvil, and is enlisting other gangs to focus their attacks there.

All of this and more!

Remember to Like, Share and Subscribe!

Stories from the show:

NRA Hacked:
https://www.cbsnews.com/news/nra-hack-ransomware-gang-grief-russia/

North Korea is Hacking Supply Chains:
https://thehackernews.com/2021/10/latest-report-uncovers-supply-chain.html

Iran... Out of Gas:
https://www.bleepingcomputer.com/news/security/iranian-gas-stations-out-of-service-after-distribution-network-hacked/

Groove Wants Revenge:
https://www.bleepingcomputer.com/news/security/groove-ransomware-calls-on-all-extortion-gangs-to-attack-us-interests/

The Jerich Show Episode 65 - Presentation Fails, Telecom Targets, a Breach Admittance and More!

Fri, 22 Oct 2021 08:51:36 -0400

In this episode, Erich and Javvad talk about their fails during presentations, Accenture finally admits it's data was breached, telecoms are targeted by China, the UK bans Huawei from the 5Gs bad actors steal cookies from content creators, and a whole lot more!

Remember to Like, Subscribe and Share!

Stories from the show:

Accenture confirms data breach after August ransomware attack:
https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breach-after-august-ransomware-attack/

Huawei ban: UK to impose early end to use of new 5G kit:
https://www.bbc.com/news/business-55124236

Potential Chinese hackers targeting telecommunications companies:
https://thehill.com/policy/cybersecurity/577440-potential-chinese-hackers-targeting-telecommunications-companies

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts:
https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html

The Jerich Show Episode 64 - Ransomware Without the Encryption, Flight School Hijinx and More!

Fri, 15 Oct 2021 10:06:35 -0400

In this episode, Erich and Javvad discuss the weekly hot infosec topics, including ransomware without the encryption, angry ex-employees turned insider threat at a flight school, "super" passwords to not use, and whether or not "It was a deepfake" is the new, "The dog ate my homework".

All of this and more!

Remember to like, subscribe and share!

Stories from the show:

30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware:
https://threatpost.com/rapid-attacks-extort-ransomware/175445/

Woman, 26, is arrested 'for hacking into Florida flight training school's system and tampering with airplane information, including clearing some aircraft with maintenance issues for takeoff': Cops say attack was in retaliation after father was fired:
https://www.newsbreak.com/news/2400876442542/woman-26-is-arrested-for-hacking-into-florida-flight-training-school-s-system-and-tampering-with-airplane-information-including-clearing-some-aircraft-with-maintenance-issues-for-takeoff-cops-say-attack-was-in-retaliation-after-father-was-fired

Superman, Not to Rescue: Passwords With Superhero Names Are Most Hacked:
https://www.news18.com/news/buzz/superman-not-to-rescue-passwords-with-superhero-names-are-most-hacked-4317128.html

Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find:
https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/?sh=18cc26697559

The Jerich Show Episode 63 - The Facebook Thing, a Twitchy Hack, Airgapped Pwnage and More

Fri, 08 Oct 2021 08:46:09 -0400

In this episode, Javvad makes fun of Erich for his current state of mental exhaustion due to National CyberSecurity Awareness Month, the Facebook outage and incident response tips are discussed, the ramifications of the Twitch breach are covered and an interesting, but maybe not so useful, method of pulling data from an air-gapped system is covered. All of this and more!

Remember to Like, Share and Subscribe!

Stories from the show:

Understanding How Facebook Disappeared from the Internet:
https://blog.cloudflare.com/october-2021-facebook-outage/

Security experts have given advice following the Twitch data breach:
https://www.nme.com/news/gaming-news/security-experts-have-given-advice-following-the-twitch-data-breach-3064855

Twitch source code and creator payouts part of massive leak:
https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor

LANtenna Attacks Exploit Air-Gapped Networks Via Ethernet:
https://www.bankinfosecurity.com/lantenna-attacks-exploit-air-gapped-networks-via-ethernet-cables-a-17688

The Jerich Show Episode 62 - Russian Treason, DDoS attacks, Visa Vulns on an iPhone and More

Fri, 01 Oct 2021 08:54:05 -0400

In this episode, Javvad really messes up the intro, but finally finds his grove as they discuss the stroy about the Group-IB CEO being charged with Treason by Russia, The DDoS attack on Bandwidth, A very specific vulnerability with iPhones and Visa cards and how YouTube is going to remove all vaccine misinformation from the platform.

All of this and more!

Like, share and subscribe!

Stories from the show:

Top Russian Cybersecurity CEO Charged with Treason:
https://www.govinfosecurity.com/top-russian-cybersecurity-ceo-charged-treason-a-17644

Bandwidth Hit with DDoS Attack, Dealing with Service Disruptions:
https://www.channelfutures.com/security/bandwidth-hit-with-ddos-attack-dealing-with-service-disruptions

Security experts urge iPhone users to remove Visa as a transport card via Apple Pay:
https://uk.news.yahoo.com/security-experts-urge-iphone-users-234037124.html

YouTube to remove all anti-vaccine misinformation:
https://www.bbc.com/news/technology-58743252

Show Contents:
00:00 - 02:04 Javvad ruins the Intro
02:04 - 06:56 Treason or just business?
06:56 - 12:52 DDoS and the Bandwidth attack
12:52 - 22:49 Transporting with Visa
22:49 - 22:17 YouTube removing anti-vaxx misinformation
22:17 - 27:30 Outro

The Jerich Show Episode 61 - Raging Against the Machine

Fri, 24 Sep 2021 08:52:11 -0400

In this episode, Erich channels his deep inner anger about some government follies that have impacted individuals and organizations alike. Javvad mostly nods along for effect.

Remember to Like, Share and Subscribe!

Stories from the show:

FBI Withholding Kaseya Ransomware Decryption Key Had ‘No Bearing’ on REvil:
https://www.channelfutures.com/security/fbi-withholding-kaseya-ransomware-decryption-key-had-no-bearing-on-revil

Four months on from a sophisticated cyberattack, Alaska's health department is still recovering:
https://www.zdnet.com/article/four-months-on-from-sophisticated-cyber-attack-alaskas-health-services-is-still-recovering/

Investigation launched after MoD email blunder:
https://www.computerweekly.com/news/252506972/Investigation-launched-after-MoD-email-blunder

The Jerich Show Episode 60 - Hostile Takeover

Fri, 17 Sep 2021 08:04:15 -0400

Erich Kron is out this week so the award-winning Host Unknown stepping in and took matters into their own hands.

Follow host unknown on hostunknown.tv @hostunknowntv
Listen to the host unknown podcast on your favourite podcast player

Stories from the show:
‘Significant threat’: cyber attacks increasingly targeting Australia’s critical infrastructure
https://www.theguardian.com/technology/2021/sep/15/significant-threat-cyber-attacks-increasingly-targeting-australias-critical-infrastructure

Microsoft: Windows 10 2004 reaches end of service in December
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-2004-reaches-end-of-service-in-december/

HP patches severe OMEN driver privilege escalation vulnerability
https://www.zdnet.com/article/hp-patches-omen-driver-privilege-escalation-vulnerability/

Apple Issues Emergency Fix for NSO Zero-Click Zero Day
https://threatpost.com/apple-emergency-fix-nso-zero-click-zero-day/169416/

Over 60 million wearable, fitness tracking records exposed via unsecured database
https://www.zdnet.com/article/over-60-million-records-exposed-in-wearable-fitness-tracking-data-breach-via-unsecured-database/

Follow host unknown on hostunknown.tv
Listen to the host unknown podcast on your favourite podcast player

The Jerich Show Episode 59 - No Cops or the Data gets Dumped, Cybercrime as a Tax Deduction and More

Fri, 10 Sep 2021 08:43:15 -0400

In this episode, Javvad messes up by starting the recording early, then hem and Erich discuss a new threat from a ransomware gang about dumping data if the victim calls the cops, the REvil servers mysteriously being resurrected from the dead, claiming a ransomware payment as a tax deduction and a whole bunch of VPN passwords being stolen.

All of this and more, in this episode of The Jerich Show (complete with a reworked logo)

Remember to Like, Share and Subscribe!

Stories From the Show:

Ransomware gang threatens to leak data if victim contacts FBI, police:
https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/

Hit by a ransomware attack? Your payment may be deductible:
https://www.independent.co.uk/news/hit-by-a-ransomware-attack-your-payment-may-be-deductible-irs-fbi-pms-washington-ransomware-b1868907.html

REvil ransomware's servers mysteriously come back online:
https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices:
https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html

Show Contents:
00:00 - 01:42 Javvad Messes Up the Intro
01:42 - 07:17 Ragnar Locker Threats if the Victim Calls the Cops or Negotiators
07:17 - 09:02 Is Your Ransom Payment a Tax Deduction?
09:02 - 15:32 REvil Servers Raise Their Ugly Heads Again
15:32 - 20:42 VPN Accounts Leaked From Fortigate Devices
20:42 - 20:50 Outro

The Jerich Show Episode 58 - Returned From a Break: AKA the Curmudgeon Episode

Fri, 03 Sep 2021 09:50:17 -0400

It's been a couple of weeks, but Javvad and Erich are back from a little break and far more grumpy than you might assume. That's OK, because, as evidenced by the stories, they are grumpy because nobody fixed the internet while they were gone.

Check out what they are so grumpy about and don't forget to Like, Share and Subscribe!

Stories from the show:

Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms:
https://thehackernews.com/2021/08/attackers-can-remotely-disable-fortress.html

Scam artists are recruiting English speakers for business email campaigns:

https://www.zdnet.com/article/scam-artists-are-recruiting-english-speakers-for-business-email-campaigns

LockBit gang leaks Bangkok Airways data, hits Accenture customers:
https://www.bleepingcomputer.com/news/security/lockbit-gang-leaks-bangkok-airways-data-hits-accenture-customers/

Twitter creates 'Safety Mode' to temporarily block accounts caught insulting users:
https://www.zdnet.com/article/twitter-creates-safety-mode-to-temporarily-block-accounts-caught-insulting-users/

The Jerich Show Episode 57 - Back from Blackhat and DEFCON, a criminal returning money, phish reports

Thu, 12 Aug 2021 22:29:54 -0400

In this episode, Erich reminisces about Blackhat and DEFCON, comparing past years to 2021 and Javvad and him discuss some crazy news stories, including one where a cyber thief actually returns $260 million and a new UK governement software that adds a button to report emails to the 'Ministry of Phishy Things', or some such government entity.

Don't forget to Like, Subscribe and Share for more fun looks at very serious topics.

Stories from the show:

Cryptocurrency heist hacker returns $260m in funds:
https://www.bbc.com/news/business-58180692

New one-click button will flag dodgy emails directly to cyber experts:
https://news.sky.com/story/new-one-click-button-will-flag-dodgy-emails-directly-to-cyber-experts-12379104

Flight attendant interview video:
https://www.youtube.com/watch?v=XFoXmnBuLw0

Show Contents:
00:00 - 1:00 Intro
01:00 - 13:30 Blackhat and DEFCON recap
13:30 - 18:27 Cryptocurrency heist hacker returns $260m in funds
18:27 - 28:49 New one-click button will flag dodgy emails directly to cyber experts
28:49 - 30:39 Smelling like regret (https://www.youtube.com/watch?v=XFoXmnBuLw0)
30:39 - 31:04 Outro

The Jerich Show Episode 56.3 - Day 2 Black Hat Recap and some DEFCON info

Fri, 06 Aug 2021 13:38:49 -0400

In this quick daily recap, Erich and Javvad talk about the closing day of Black Hat and the start of DEFCON, conference speaking and much more.

The Jerich Show Episode 56 - Live from Black Hat and more ransomware, a big leak and hotel capsules

Thu, 05 Aug 2021 11:39:34 -0400

In this episode, Javvad and Erich discuss the first day at Black Hat 2021. They discuss the low attendance at Black Hat, the topics and big vendors at the show and other observations from the show.

In addition they discuss a ransomware attack on a school, a huge amount of data leaked by a mystery company, security issues with a hotel capsule, and more.

Look out for more updates from Vegas this year!

Like, share and subscribe!

Stories from the show:

Report: Over 63 Million US Citizens Exposed in Massive Data Leak:
https://www.vpnmentor.com/blog/report-onemorelead-leak/

Isle of Wight schools hit by ransomware attack:
https://www.bbc.com//uk-england-hampshire-58078670

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms:
https://threatpost.com/security-bugs-takeover-capsule-hotel/168376/

The Jerich Show Episode 55 -Popcorn with Anna Collard as we discuss the attacks of the week and more

Fri, 30 Jul 2021 09:54:55 -0400

This week Anna Collard, founder of Popcorn Training and an all around brillant person, talks through the stories of the week and shares her experience taking a doodle, and turining it into a great company. You don't want to miss it!

Like, subscribe and share!

About Anna:
LinkedIn: https://www.linkedin.com/in/anna-collard-606817/
Twitter: @AnnaCollard3

Stories from the show:

Majority of employees take cybersecurity shortcuts, despite knowing risks:
https://www.securitymagazine.com/articles/95722-majority-of-employees-take-cybersecurity-shortcuts-despite-knowing-risks

Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam:
https://www.theregister.com/2021/07/27/youtube_channel_tech_scam/

ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower:
https://www.computerweekly.com/news/252504531/ICO-ends-its-involvement-in-dispute-between-NatWest-Bank-and-data-breach-whistleblower

South Africa port operations halted and workers reportedly put on leave after major cyberattack:
https://www.cnbc.com/2021/07/27/transnet-halts-port-operations-in-south-africa-after-major-cyberattack.html

Show Content:
00:00 - Intro
02:52 - Majority of employees take cybersecurity shortcuts, despite knowing risks
10:16 - Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam
18:35 - ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower
26:02 - South Africa port operations halted and workers reportedly put on leave after major cyberattack
33:50 - Anna talks about starting Popcorn Training
43:07 - Tech sector and the value of professional relationships in South Africa
48:53 - What people can do better to communicate
54:18 - What is next for Anna
56:34 - Outro

The Jerich Show Episode 54 - Black Hat, Swatting, Kaseya Decryptor, (ISC)2, S3 Badness and More

Sun, 25 Jul 2021 22:25:21 -0400

This week Javvad and Erich discuss some of the hottest stories of the past week, including the sentancing of a swatter, the release of a Kaseya universal ransomware decryptor, a $50m demand (possibly being delivered by bicycle), MosaicLoader punishes pirates, the (ISC)2 learning portal for CISSP's and other members and an insurtech startup that joins the 'unsecured S3 bucket' club.

All of this and more. Please like, subscribe and share. Story links and chapter listing is below.

Serial Swatter Who Caused Death Gets Five Years in Prison
https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/

Kaseya obtains universal decryptor for REvil ransomware victims
https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/

Hackers reportedly demand $50m from Saudi Aramco over data leak
https://www.bbc.com/news/business-57924355

New MosaicLoader malware targets software pirates via online ads
https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-targets-software-pirates-via-online-ads/

An insurtech startup exposed thousands of sensitive insurance applications
https://techcrunch.com/2021/07/16/backnine-insurance-applications-exposed/

Other mentions:

Dark Patterns
https://www.darkpatterns.org/

(ISC)2 Learning Portal
https://learn.isc2.org

Contents of this video:
00:00 - Javvad's Minecraft-esque Intro
02:22 - Black Hat Conference and COVID Thoughts
06:00 - Serial Swatter Who Caused Death Gets Five Years in Prison
10:32 - Kaseya obtains universal decryptor for REvil ransomware victims
14:54 - Hackers reportedly demand $50m from Saudi Aramco over data leak
20:05 - New MosaicLoader malware targets software pirates via online ads
25:54 - The (ISC)2 Learning Portal and What They Are Doing Right
30:38 - An insurtech startup exposed thousands of sensitive insurance applications
34:53 - Closing and Profound Insight from Erich

The Jerich Show Episode 54 - Guess who has a breach, Soniwall issues and more

Fri, 16 Jul 2021 09:00:46 -0400

In this episode, Erich and Javvad discuss some data breaches, issues with outdated and End-of-Life (EOL) hardware and software and issues with government collection of zero-day vulnerabilities and issues related to mandatory reporting with too little time to understand the issue.

Like, subscribe and share!

Fashion retailer Guess discloses data breach after ransomware attack:
https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/

SonicWall warns of 'critical' ransomware risk to EOL SMA 100 VPN appliances:
https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-ransomware-risk-to-eol-sma-100-vpn-appliances/

22% of exploits for sale in underground forums are more than three years old:
https://www.helpnetsecurity.com/2021/07/15/exploits-for-sale/

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into:
https://www.theregister.com/2021/07/15/china_vulnerability_law/

The Jerich Show Episode 52 - Charl van der Walt Chats About Getting Into Infosec & News of the Week

Fri, 02 Jul 2021 08:29:17 -0400

In this episode, Charl van der Walt jions Erich and Javvad as they talk about the news stories related to the new CISA 'Bad Practices' guidance, My Book Live devices being remotely wiped, Windows print spoolers being weaponized and data movement by pigeons.

Charl then talks about what it's like being a CEO, what he looks for in potential employees, the state of security organizations in South Africa, the value of certifications and more.

Remember to hit the 'Like' button, then subscribe and share for more great weekly episoded.

About Charl:
Twitter: @charlvdwalt
LinkedIn: https://www.linkedin.com/in/charl-van-der-walt/

Orange Cyberdefense: https://www.linkedin.com/company/orange-cyberdefense/

Stories from the show:

CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability:
https://www.tenable.com/blog/cve-2021-1675-proof-of-concept-leaked-for-critical-windows-print-spooler-vulnerability

Hackers use zero-day to mass-wipe My Book Live devices:
https://www.bleepingcomputer.com/news/security/hackers-use-zero-day-to-mass-wipe-my-book-live-devices/

Bad Practices:
https://www.cisa.gov/BadPractices

BONUS STORY:

In Africa, A Pigeon Transfers Data Faster Than The Internet:

https://www.wired.com/2009/09/in-africa-a-pigeon-transfers-data-faster-than-the-internet/

IP over Avian Carriers with Quality of Service:

https://datatracker.ietf.org/doc/html/rfc2549

The Jerich Show Episode 51 - John McAfee Dead, Cryptobros Vanish with $2.2B and FB Takes On Privacy

Fri, 25 Jun 2021 09:05:19 -0400

In this episode Javvad and Erich discuss the death of John McAfee, a story where 2 brothers in South Africa disappear under mysterious circumstances (and along with $2.2 billion in BTC) and, Facebook calls out Apple by funding an attempt at an academic-ish paper, as they strive to protect you from the evils of monopolistic behavior (or maybe just to protect their own profits). All this and more in this episode!

Be sure to like, subscribe and share!

Javvad's Interview with John McAfee:
https://www.youtube.com/watch?v=xHuVW63ceSQ

Stories from the show:

John McAfee found dead in Spanish prison after his extradition to the US was approved:
https://www.cnn.com/2021/06/23/tech/john-mcafee-death/index.html

South African Brothers Disappear, Along With $2.2 Billion Worth Of Bitcoin:
https://www.forbes.com/sites/emilymason/2021/06/23/south-african-brothers-disappear-along-with-22-billion-worth-of-bitcoin/?sh=4dbd6a3a1a60

Facebook vs. Apple: Here's what you need to know about their privacy feud:
https://www.cnet.com/news/facebook-vs-apple-heres-what-you-need-to-know-about-their-privacy-feud/

The paper that was published:
Harming Competition and Consumers under the Guise of Protecting Privacy: An Analysis of Apple’s iOS 14 Policy Updates:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3852744

The Jerich Show Episode 50 - Magda de Jager joins us to discuss cyber busts in Kyiv and much more

Fri, 18 Jun 2021 08:18:24 -0400

In this episode, Javvad and Erich are joined by Magda de Jager (aka Mags) to discuss this weeks news stories, including the Peloton bike vulnerability (or is it?), the takedown of the Clot ransomware gang and credential stuffing attacks targeting the travel and retail industries. Mags also discusses her journey to working in infosec and much, much more!

Please like, share and subscribe

About Mags:
Twitter: @magsdj
LinkedIn: https://www.linkedin.com/in/magdadejager/

Stories from the show:

Ukrainian police partner with US, South Korea for raid on Clop ransomware members:
https://www.zdnet.com/article/ukranian-police-partner-with-us-south-korea-for-raid-on-clop-ransomware-members/

Peloton Bike+ Was Vulnerable to Remote Hacking, Researchers Find:
https://gizmodo.com/peloton-bike-was-vulnerable-to-remote-hacking-researc-1847105097

Travel and retail industries facing wave of credential stuffing attacks:
https://www.zdnet.com/article/travel-and-retail-industries-facing-wave-of-credential-stuffing-attacks/

Scottish word of the day:
Miss PunnyPennie - @Lenniesaurus

https://twitter.com/Lenniesaurus

The Jerich Show Episode 49 - Mo Amin joins us for talk about culture, a big pwd dump, MQTT and more

Fri, 11 Jun 2021 08:55:09 -0400

In this episode Javvad and Erich welcome Mo Amin, -------- at ------- as we discuss the Fastly outage, some vulnerabilities in some MQTT handlers, what might be the biggest password dump of all times and we have some serious discussion about company security culture and what that means to an organization.

Don’t forget to like, share and subscribe for more great weekly content!

About Mo:
Twitter: @infosecmo
LinkedIn: https://www.linkedin.com/in/moamin1/

Stories form the show
One Fastly customer triggered internet meltdown:
https://www.bbc.com/news/technology-57413224

DoS vulns in 3 open-source MQTT message brokers could leave users literally locked out of their homes or offices:
https://www.theregister.com/2021/06/08/mqtt_dos_vulnerabilities/

Largest List of Passwords Ever Has Been Released Online:
https://news.softpedia.com/news/largest-list-of-passwords-ever-has-been-released-online-533160.shtml

The Jerich Show Episode 48 -Jim Zuffoletti Joins to Talk Ransomware, Ransomware and Entrepreneurship

Fri, 04 Jun 2021 08:34:24 -0400

In this episode, Jim Zuffoletti, CEO & Co-Founder of SafeGuard Cyber, joins the show as we discuss several ransomware attacks from the week, talk about how security has evolved to bring about some signficant challenges securing human and cloud architectures and the data involved, and much, much more.

Jim's info:
SafeGuard Cyber: https://www.safeguardcyber.com/
SafeGuard Cyber's Twitter: @SafeGuard_Cyber
LinkedIn: https://www.linkedin.com/in/jimzuffoletti/

Stories from the show:

REvil, A Notorious Ransomware Gang, Was Behind JBS Cyberattack, The FBI Says
https://www.npr.org/2021/06/03/1002819883/revil-a-notorious-ransomware-gang-was-behind-jbs-cyberattack-the-fbi-says

FUJIFILM shuts down network after suspected ransomware attack
https://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/

NYC’s Subway Operator and Martha’s Vineyard Ferry Latest to Report Cyberattacks
https://www-wsj-com.cdn.ampproject.org/c/s/www.wsj.com/amp/articles/ransomware-scourge-continues-as-essential-services-are-hit-11622672685

Biden will confront Vladimir Putin about ransomware as cyberattacks increase in US
https://www.usatoday.com/story/news/politics/2021/06/02/joe-biden-discuss-ransomware-putin-amid-rising-cyberattacks/7508957002/

Effectuation.org
https://www.effectuation.org/

The Jerich Show Episode 47 - Breach laws, Russian Marketplaces and Attacks on Japan

Fri, 28 May 2021 08:23:00 -0400

In this episode, Erich is recovering from a minor spinal surgery an hour before recording and Javvad makes him discuss topics ranging from the FBI notice about Conti attacking hospitals and first responders, the governement attempting to get control of data breaches, a huge illegal Russian dark web market and recent Japan hacks

Don't forget to like, share and subscribe!

Links from the show:

The most important link in the list - 恋のセキュリティホール〜HACK SONG〜:
https://www.youtube.com/watch?v=ZQlvY5UfjeE

FBI Flaaaaaash:
https://www.documentcloud.org/documents/20785301-conti-ransomware-attacks-impact-healthcare-and-first-responder-networks-bc-5-20-21

Senators roll out bipartisan data privacy bill:
https://www.theverge.com/2021/5/20/22444515/amy-klobuchar-data-privacy-protection-facebook-state-laws

Illegal Drug Trade Fuels $1.37B in Crypto Transactions at Russian Dark Site:
https://www.ecommercetimes.com/story/87146.html

Japanese government agencies suffer data breaches after Fujitsu hack:
https://www.bleepingcomputer.com/news/security/japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/

Japan predicts hacker attack on Tokyo Summer Olympics by Russian hackers:
https://www.ehackingnews.com/2021/05/japan-predicts-hacker-attack-on-tokyo.html

The Jerich Show Episode 46 - Cloud Camera Woes, and Andra Zaharia Talks Cybersecurity Marketing

Fri, 21 May 2021 08:47:38 -0400

In this episode, Javvad and Erich welcome Andra Zaharia to the show as they talk about an issue with an update to servers behind some cloud cameras that allowed people to view other feeds, how a Russian keyboard can stop malware and about infosec marketing, both externally to customers and internally to your leadership.

Stories: Bug Exposes Eufy Camera Private Feeds to Random Users

https://threatpost.com/eufy-cam-private-feeds/166288/

Russian keyboards can stop ransomware?

https://www.newstalk.com/news/russian-keyboard-could-protect-you-from-potential-cyber-hack-expert-says-1197842

About Andra:
Twitter: @AndraZaharia
LinkedIn: https://www.linkedin.com/in/andrazaharia/
Website: https://andrazaharia.com/

Resources she recommended:
Impersonation example: https://twitter.com/kat_boogaard/status/1361769043267645440

Thanks for the Feedback: The Science and Art of Receiving Feedback Well by Douglas Stone, Sheila Heen - https://www.goodreads.com/book/show/18114120-thanks-for-the-feedback?ac=1&from_search=true&qid=BNKechN2EP&rank=1

Nonviolent Communication: A Language of Life by Marshall B. Rosenberg - https://www.goodreads.com/book/show/71730.Nonviolent_Communication?ac=1&from_search=true&qid=o3Ar8B4VcH&rank=1

The Mom Test: How to talk to customers & learn if your business is a good idea when everyone is lying to you by Rob Fitzpatrick - https://www.goodreads.com/book/show/52283963-the-mom-test?ac=1&from_search=true&qid=7KBV7NvPN8&rank=1

What To Do When It's Your Turn (and it's always your turn) by Seth Godin - https://www.goodreads.com/book/show/23665356-what-to-do-when-it-s-your-turn?ac=1&from_search=true&qid=njWuQP6RrB&rank=1

Her list of people to follow who will instantly make your timeline a source of good convos - https://twitter.com/i/lists/967424242961801217/members

The Jerich Show Episode 45 - CIA, government meddling, another data breach and a bug bounty for good

Fri, 30 Apr 2021 09:38:46 -0400

This week Erich and Javvad talk about the issues of law enforcement making changes to private companies servers, the spotting of some CIA malware, another government data breach and an awesome bug bounty story.

Listen, like and subscribe!

Links from the show:

This software update is deleting botnet malware from infected PCs around the world

https://www.msn.com/en-us/news/technology/this-police-update-is-now-deleting-botnet-malware-from-infected-pcs-around-the-world/ar-BB1g3Prr?ocid=BingNews

Security firm Kaspersky believes it found new CIA malware

https://therecord.media/security-firm-kaspersky-believes-it-found-new-cia-malware/

Wyo Health Department Data Breach Exposes Info From 165K Wyomingites

https://cowboystatedaily.com/2021/04/27/wyoming-department-of-health-sees-data-breach-of-165k-wyomingites/

Researchers Secure Bug Bounty Payout to Help Raise Funds for Infant’s Surgery

https://www.vice.com/en/article/m7eaqv/researchers-secure-bug-bounty-payout-to-help-raise-funds-for-infants-surgery

The Jerich Show Episode 44 - Japanese Biker tricks the Internet, McDonalds Ice cream makers & more

Fri, 23 Apr 2021 05:32:31 -0400

In this episode, Erich and Javvad discuss a 50-year-old male Japanese motorcycler that tricked his fans in to believing he was a 20-something-year-old female with digital face swap trickery, How McDonalds $18k ice cream machines have a dirty little secret, and maybe a fix for that with a Raspberry Pi, and free or cheap alternatives to some popular graphics design programs.

All this and more. Don't forget to watch, like and subscribe below

Stories from the show:

Face editing: Japanese biker tricks internet into thinking he is a young woman
https://www.bbc.com/news/world-asia-56447357

They Hacked McDonald’s Ice Cream Machines—and Started a Cold War
https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war/

Farmers Are Having to Hack Their Own Tractors Just to Make Repairs
https://www.thedrive.com/news/39158/farmers-are-having-to-hack-their-own-tractors-just-to-make-repairs

Sonos explains why it bricks old devices with ‘Recycle Mode’
https://www.theverge.com/2019/12/30/21042871/sonos-recycle-mode-trade-up-program-controversy

Adobe Early Cancellation Fee Stirs Up Controversy On Twitter; Leaves Users Enraged
https://www.republicworld.com/technology-news/apps/adobe-early-cancellation-fee-stirs-up-controversy-on-twitter-leaves-users-enraged.html

Adobe Alternatives
https://www.patreon.com/posts/26834357

The Jerich Show Episode 43 - FBI playing geek squad, PII via real estate and Derrick Thomas joins us

Fri, 16 Apr 2021 08:43:53 -0400

Have you ever wanted to start an infosec conference of your very own? This week Erich and Javvad talk with Derrick Thomas, a co-founder of BSides Tampa, about what it's like to start and grow a conference, some pitfalls and reaching for stars.

They will also discuss the FBI fixing Exchange servers via search warrants, Derrick will be distracted by a clickbait ad about twerking, and realtors showing PII in a virtual tour will be discussed.

Don't forget to like and subscribe to the podcast and video versions.

About Derrick:
Twitter: @BSidesTampa
LinkedIn: https://www.linkedin.com/in/ddthomas-tampa/

Stories from the show:

FBI blasts away web shells on US servers in wake of Exchange vulnerabilities
https://www.zdnet.com/article/fbi-blasts-away-web-shells-on-us-servers-in-wake-of-exchange-vulnerabilities/

Estate agent's hi-tech house tour exposes personal data
https://www.bbc.co.uk/news/technology-56718046

Why Australia is in hysterics over a 'navy twerking' dance
https://www.bbc.co.uk/news/world-australia-56754868

Fyre Festival
https://en.wikipedia.org/wiki/Fyre_Festival

The Jerich Show Episode 42 - The Dramatic Reading Episode with @TriciaKicksSaaS

Fri, 09 Apr 2021 08:22:24 -0400

In this great episode, Erich and Javvad welcome Tricia Howard to the show as they discuss the Ziggy ransomware game giving refunds (no, really), the 500 million user LinkedIn profile scrape, getting in to the cybersecurity industry from outside, and more.

Trisha even uses her amazing theatrical skills to do a dramatic reading of a ransomware note.

Remember to watch, like, and subscribe!

Trisha's information:
Twitter and Instagram: @TriciaKicksSaaS
LinkedIn: https://www.linkedin.com/in/triciakickssaas/

Stories from the show:
Ziggy ransomware admin announces refunds for all targeted victims
https://www.teiss.co.uk/ziggy-ransomware-admin-to-refund-victims/

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof:
https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/

The Jerich Show Episode 41 - Talking culure with Kai Roer

Fri, 26 Mar 2021 08:44:50 -0400

In the episode, Javvad and Erich welcome Kai Roer to the show to talk about a Twitter account takeover, a big potential data leak, responsibility in a phishing click and of course, about security culture.

About Kai:
Twitter: @kairoer
LinkedIn: https://www.linkedin.com/in/kairoer/

Stories From the Show:

Phish Leads to Breach at Calif. State Controller
https://krebsonsecurity.com/2021/03/phish-leads-to-breach-at-calif-state-controller/

NHS boss's Twitter accounts hacked by PS5 scammers:
https://www.bbc.co.uk/news/technology-56456002

Forex Broker Leaks Billions of Customer Records Online:
https://www.infosecurity-magazine.com/news/forex-leaks-millions-customer/

The Jerich Show Episode 40 - The Camera Episode. Pwned Cameras, Tracking and More

Fri, 12 Mar 2021 08:35:19 -0500

From security camera feeds being pwned to tracking people through lens scratches and dust and big issues with some Adobe software, cameras and related items are the topic today for Javvad and Erich.

Links from the show:

FB can track you via dust and scratches:
https://www.tiktok.com/@jengolbeck/video/6936959507356486918

The FB patent for associating cameras with users and objects in a social networking system
https://patents.google.com/patent/US9485423B2/en

Dr. Jen Golbeck:
Twitter: https://twitter.com/jengolbeck

TikTok: https://www.tiktok.com/@jengolbeck?

Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more:
https://www.theverge.com/2021/3/9/22322122/verkada-hack-150000-security-cameras-tesla-factory-cloudflare-jails-hospitals

Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect:
https://www.zdnet.com/article/adobe-releases-batch-of-security-fixes-for-framemaker-creative-cloud-connect/

The Jerich Show Episode 39 - James McQuiggan, Elder Fraud, AOL Phishing and More

Fri, 05 Mar 2021 08:00:16 -0500

In this episode, Erich and Javvad are joined by their colleague and friend, James McQuiggan, as they discuss Elder Fraud, phishing attacks targeting AOL users, Cash App phishing kits and bogus Capital Calls among other things.

James McQuiggans info:
Twitter: @James_McQuiggan
LinkedIn: https://www.linkedin.com/in/jmcquiggan/

His book Pick:
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors
https://www.amazon.com/Transformational-Security-Awareness-Neuroscientists-Storytellers/dp/1119566347/

Stories from the show:

Elder Fraud:
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/elder-fraud

Beware: AOL phishing email states your account will be closed:
https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/

Cash App phishing kit deployed in the wild, courtesy of 16Shop:
https://www.bleepingcomputer.com/news/security/cash-app-phishing-kit-deployed-in-the-wild-courtesy-of-16shop/

Investors are the next target of large-scale cyberattacks:
https://www.bleepingcomputer.com/news/security/investors-are-the-next-target-of-large-scale-cyberattacks/

The Jerich Show Episode 38 - Mohammed Aldoub discussed API and Cloud security

Fri, 26 Feb 2021 08:13:51 -0500

Mohammed Aldoub AKA @voulnet is an API and Cloud security expert. While Erich is off nursing a sore neck, Mohammed keeps Javvad quiet and drops some serious API security knowledge.

Links discussed:
Clubhouse https://twitter.com/_DanielSinclair/status/1363738761339826177?s=19

Hacking Starbucks https://samcurry.net/hacking-starbucks/

Cloud pricing specialists https://www.duckbillgroup.com/

API vulnerability https://hackerone.com/reports/810320

Exploiting Drupal8's REST RCE https://www.ambionics.io/blog/drupal8-rce

Stop using JWT for sessions http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/

Mohammed's Github (tools, upcoming training schedule) https://github.com/Voulnet

Follow Mohammed on twitter @voulnet

The Jerich Show Episode 37 - Javvad's internet is broken, we talk ransomware and the new M1 virus

Fri, 19 Feb 2021 11:04:07 -0500

Javvad's internet is broken, so he is a pixelated mess, but we still talk ransomware and the new Mac M1 virus.

Stories from the show:

Kia Motors Hit With $20M Ransomware Attack – Report (with a cameo ad for Erich's upcoming ThreatPost panel)
https://threatpost.com/kia-motors-ransomware-attack/164085/

When Cyber Gangs Disregard Ransomware Payments, Victims Can Be Hit Twice
https://securityintelligence.com/news/when-cyber-gangs-disregard-ransomware-payments/

First Malware Running Natively on M1 Chip Discovered
https://www.macrumors.com/2021/02/17/first-m1-chip-malware/

The Jerich Show Episode 36 - Kylee Lockwood, ICS issues, a lawyer that is not a cat and more.

Fri, 12 Feb 2021 08:02:00 -0500

In this episode, Erich and Javvad welcome Kylee Lockwood, a pro in the field of compliance, to the show as they discuss issues with ICS, the impact of cat filters on professional people and another loss of source code.

Kylee's contact information:
LinkedIn - https://www.linkedin.com/in/kyleemarie/
Twitter - @kyleemariel

Links from the show:

Hackers steal StormShield firewall source code in data breach
https://www.bleepingcomputer.com/news/security/hackers-steal-stormshield-firewall-source-code-in-data-breach/

ICS Challenges
https://www.zdnet.com/article/hacker-modified-drinking-water-chemical-levels-in-a-us-city/

Lawyer is NOT a cat:
https://www.entrepreneur.com/article/365148

Cat filter accidentally used in Pakistani minister’s live press conference:
https://www.bbc.com/news/world-asia-48663289

The Jerich Show Episode 35 - Ransomware, WiFi Ownage and Facial Recognition

Fri, 05 Feb 2021 08:14:58 -0500

In this episode Erich and Javvad discuss stories related to ransomware, vulnerabilites in some WiFi chipsets and issues related to the Greek police officers being issued hardware allowing for facial recognition and fingerprint identification.

Stories in this episode:

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices:
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html

Ransomware attacks increasingly destroy victims’ data by mistake:
https://www.bleepingcomputer.com/news/security/rise-in-ransomware-attacks-mistakenly-causing-data-destruction/

Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again:
https://www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/

Greek Police to Introduce Live Facial Recognition:
https://www.infosecurity-magazine.com/news/greek-police-to-introduce-live

The Jerich Show Episode 34 - Adrian Sanabria, the Emotet takedown and more

Fri, 29 Jan 2021 08:00:00 -0500

This week Javvad and Erich welcome a long time friend and former colleague of Javvad's, Adrian Sanabria to the show as they discuss news around the takedown of the the Emotet group, a new phishing toolkit that dynamically changes brands and other news from they cybersecurity world. Adrian also discusses his new job and how it will change the future of infosec tool product reviews.

Don't forget to like and subscribe for more great weekly content!

Adrian's Social Media:
Twitter: @sawaba
LinkedIn: https://www.linkedin.com/in/adrian-sanabria/
OnlyFans: TBD

Stories from the show:

Emotet Takedown:
https://www.bbc.com/news/technology-55826258

New Phishing Toolkit:
https://www.zdnet.com/article/new-cybercrime-tool-can-build-phishing-pages-in-real-time/

Krebs on Solarwinds:
https://krebsonsecurity.com/2021/01/solarwinds-what-hit-us-could-hit-others/

The Sonicwall Problem:
https://threatpost.com/sonicwall-breach-zero-days-in-remote-access/163290/

The Security Products We Deserve:
https://youtu.be/GHuQC1qLnJ4

The Jerich Show Episode 33 - Headline Roulette

Fri, 22 Jan 2021 09:12:26 -0500

Knowing that Erich was going in for doctor visit that morning, Javvad decided rather than a traditional show, to help take his mind off things, he would put Erich on the spot to comment to stories he had no idea were coming.

Welcome to Headline Roulette, a speed response to the following stories with no time to actually read these articles:

Privacy-focused search engine DuckDuckGo grew by 62% in 2020
https://www.bleepingcomputer.com/news/technology/privacy-focused-search-engine-duckduckgo-grew-by-62-percent-in-2020/

FBI: Disinformation Campaigns Seek to Exploit Capitol Siege
https://www.bankinfosecurity.com/fbi-disinformation-campaigns-seek-to-exploit-capitol-siege-a-15782

FBI warns of vishing attacks stealing corporate accounts
https://www.bleepingcomputer.com/news/security/fbi-warns-of-vishing-attacks-stealing-corporate-accounts/

A Chinese hacking group is stealing airline passenger details
https://www.zdnet.com/article/a-chinese-hacking-group-is-stealing-airline-passenger-details/

70% of UK finance industry hit with cyber-attacks in 2020
https://uk.finance.yahoo.com/news/70-percent-uk-finance-industry-hit-with-cyberattacks-in-2020-000851797.html

Hacker posts 1.9 million Pixlr user records for free on forum
https://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/

Coin-Mining Malware Volumes Soar 53% in Q4 2020
https://www.infosecurity-magazine.com/news/coinmining-malware-volumes-soar-53/

When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number
https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram

X-rated social media app Fleek exposed explicit photos of users
https://www.hackread.com/social-media-app-fleek-explicit-photos-leak/

DON'T FORGET TO LIKE AND SUBSCRIBE

The Jerich Show Episode 32 - Rowenna Fielding - Let's talk about privacy

Fri, 15 Jan 2021 08:00:00 -0500

In this episode, Javvad and Erich are joined by privacy expert Rowenna Fielding for a fun and informative show discussing privacy issues around the globe. The group discusses changes made by TikTok, the new WhatsApp privacy debacle, the use crowdsourcing by law enforcement after the capitol fiasco, and how to move from and infosec role to a job focused on privacy.

Rowenna’s recommended books:
• Surveillance capitalism - https://www.amazon.com/Age-Surveillance-Capitalism-Future-Frontier/dp/1541758005/
• Weapons of math destruction - https://www.amazon.com/Weapons-Math-Destruction-Increases-Inequality/dp/0553418831/
• Algorithms of oppression - https://www.amazon.com/Algorithms-Oppression-Search-Engines-Reinforce/dp/1479837245/

Rowenna’s Patreon link:
http://patreon.com/missiggeek

Links from the show:
TikTok: All under-16s' accounts made private - https://www.bbc.com/news/amp/technology-55639920

WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app - https://arstechnica.com/tech-policy/2021/01/whatsapp-users-must-share-their-data-with-facebook-or-stop-using-the-app/

Rowenna’s breakdown of the WhatApp privacy changes - https://missinfogeek.net/whatsapp-privacy-policy-translated/

Capitol riots: Who has the FBI arrested so far? - https://www.bbc.com/news/world-us-canada-55626148

@sawaba plotted video uploads from the GPS coordinates of the capital on 1/6/21 - https://twitter.com/sawaba/status/1349056336202522625

I Cut the 'Big Five' Tech Giants From My Life. It Was Hell - https://gizmodo.com/i-cut-the-big-five-tech-giants-from-my-life-it-was-hel-1831304194

The Jerich Show Episode 31 - Garrett Gross, The End Of The Year And Our Favorite Stories Of 2020

Fri, 11 Dec 2020 15:20:03 -0500

Join Javvad and Erich as they trick the ever funny and good humored Garrett Gross in to joining, them one last time before their end of year break, for a solid 9 minutes of great discussion followed by his dismissal. Once rid of him, the team turns the topic to their own favorite infosec stories of 2020.

After this episode Erich and Javvad will be taking a break until the new year while they try incantations, burning of incense, interprative dance and any other possible method of ensuring 2021 won't be the dumpster fire that 2020 was.

This is a great time to catch up on earlier episodes here and on Youtube at: https://www.youtube.com/channel/UCDCt5A9GDeTHWEBE8hHkKeg

Please like and subscribe to be notified of new episodes

Follow Garrett on Twitter at: @breachparty

Links from the show:

A Hacker Nearly Stole $8 Million From An Aussie Hedge Fund Using A Fake Zoom Invite:
https://www.gizmodo.com.au/2020/11/a-hacker-nearly-stole-8-million-from-an-aussie-hedge-fund-using-a-fake-zoom-invite/

Travelex driven into financial straits by ransomware attack:
https://www.scmagazine.com/home/security-news/travelex-driven-into-financial-straits-by-ransomware-attack/

A Hacker Is Threatening to Leak Patients' Therapy Notes:
https://www.wired.com/story/hacker-threaten-release-therapy-notes-patients/

Patients of Hacked US Surgical Company Hit with Ransom Demands:
https://www.infosecurity-magazine.com/news/patients-of-hacked-surgical/

The Jerich Show Episode 30 - Alethe Denis Joins Us, Amazon Scams, and Cyber Attacks at Home

Fri, 04 Dec 2020 08:50:15 -0500

In this episode, Javvad and Erich welcome Althe Denis, winner of the Social Engineering Capture the The Flag (SECTF) at DEFCON and one of the most motivated and awesome people we have met.

They discuss her path to an infosec career, how she keeps things straight and advice for those interested in getting in to the infosec community from other careers.

They also discuss some interesting news stories related to cyber attacks on homes, the OGUsers forum hack/ransom, Amazon delivery scams and the value of C-Level executive credentials and accounts.

All this and more! Be sure to like and subscribe to catch the latest episode each week.

Alethe's Contact info:
Twitter - @AletheDenis
Website - Alethedenis.com

Links from the story:

Hackers attack homes on average 104 times a month, says new Comcast report
https://www.gearbrain.com/are-smart-home-devices-secure-2649035325.html

Stolen credentials forum OGUsers hacked again with user data stolen
https://siliconangle.com/2020/12/02/stolen-credentials-forum-ogusers-hacked-user-data-stolen/

Beware - that email about your Amazon delivery alert could be an online scam
https://www.techradar.com/news/that-amazon-delivery-alert-email-could-be-a-phishing-scam

A hacker is selling access to the email accounts of hundreds of C-level executives
https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/

Alethe's book recommendations:

The Code of Trust
https://www.amazon.com/Code-Trust-American-Counterintelligence-Experts/dp/1250093465/

Swing Away
https://www.amazon.com/Swing-Away-Conquering-Impostor-Syndrome/dp/B086MKGHVG/

Operator Handbook
https://www.amazon.com/Operator-Handbook-Team-OSINT-Reference/dp/B085RR67H5/

Pentester Blueprint:
https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307/

Hacking Multifactor Authentication
https://www.amazon.com/Hacking-Multifactor-Authentication-Roger-Grimes/dp/1119650798/

The Jerich Show Episode 29 - When our Privates Aren't Private

Fri, 27 Nov 2020 08:17:12 -0500

In this special Thanksgiving episode, Erich and Javvad talk about privacy issues related to both the government and in the private sector. Should your employer judge your performance on based on an Office 360 report? Should the government restrict singing in your own home?

These questions and more will be answered in this episode.

Don't forget to like and subscribe!

Links from the show:

CDC Guidance:
https://www.cdc.gov/coronavirus/2019-ncov/global-covid-19/shielding-approach-humanitarian.html

California Guidance:
https://www.cdph.ca.gov/Programs/CID/DCDC/Pages/COVID-19/Guidance-for-the-Prevention-of-COVID-19-Transmission-for-Gatherings-November-2020.aspx

Amazon and Employees:
https://www.vice.com/en/article/5dp3yn/amazon-leaked-reports-expose-spying-warehouse-workers-labor-union-environmental-groups-social-movements

Wolfie Christl and O365:
https://twitter.com/WolfieChristl/status/1331221942850949121?s=20

The Jerich Show Episode 28 - That Time Mark Shawa (Afri-CAN) Joined Us

Fri, 20 Nov 2020 08:42:54 -0500

In this show, Javvad and Erich welcome the incredibly entertaining guest, Mark Shawa. Mark discusses ways to improve security culture, why it's so important, and gives sugeestions for reading materials and people to follow in the industry.

Erich and Javvad also discuss how stress is impacting employees, the spike in phishing as we get close to Black Friday and a really interesting and scary new attack using browser notifications.

Join us and subscribe for the latest in cybersecurity news delivered every week and check out the podcast version at https://thejerichshow.podbean.com/.

Links from the show:

Mark Shawa - https://markshawa.com/

Stressed Employees:
https://www.securitymagazine.com/articles/93921-stressed-employees-behind-4-in-10-data-breaches

Browser Notification Attacks:
https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/

Phishing and Black Friday:
https://www.itpro.co.uk/security/357796/sharp-spike-in-phishing-attacks-in-the-weeks-ahead-of-black-friday

Books Mark Recommended:
Animal Farm - George Orwell: https://www.amazon.com/Animal-Farm-George-Orwell/dp/0451526341/

Start With Why - Simon Sinek: https://www.amazon.com/Start-Why-Leaders-Inspire-Everyone/dp/1591846447/

The Art of Deception - Kevin Mitnick: https://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X/

The Subtle Art of Not Giving a F*ck - Mark Manson: https://www.amazon.com/Subtle-Art-Not-Giving-Counterintuitive/dp/0062457713/

Transformational Security Awareness - Perry Carpenter : https://www.amazon.com/Transformational-Security-Awareness-Neuroscientists-Storytellers/dp/1119566347/

Mark's Notable Thought Leaders :
Theo Baloyi - CEO of Bathu Shoes: https://www.linkedin.com/in/theo-baloyi-07b6891a3/

Sylvester Chauke - Founder of DNA Brand Architects: https://www.linkedin.com/in/sylvester-chauke-385a3216/

David and Madeline McQueen - Founder of Madeline McQueen & Founder of David McQueen: https://www.madelinemcqueen.com/ and https://www.davidmcqueen.co.uk/

Anna Collard - KnowBe4 SVP - Founder of Popcorn Training: https://www.linkedin.com/in/anna-collard-606817/

Lisa Ventura - Founder UK Cyber Security Association: https://lisaventura.co.uk/

The Jerich Show Episode 27 - Kids Games and Breaches plus Microsoft Says To Ditch SMS MFA

Fri, 13 Nov 2020 08:38:27 -0500

After a week off after a traffic accident, Erich and Javvad discuss another data breach around a kids game and discuss the Microsoft advisory to move away from SMS Multi-Factor Authentication

Links from the show:

Hacking Multifactor Authentication:
https://amzn.to/2K2RMba

Hackers Steal 46 Million Records from Kids’ Game Developer:
https://www.infosecurity-magazine.com/news/hackers-steal-46-million-records/\

The Animal Jam data breach notification:
https://www.animaljam.com/en/2020databreach

The difference between two-factor and two-step authentication:
https://paul.reviews/the-difference-between-two-factor-and-two-step-authentication/

Microsoft urges users to stop using phone-based multi-factor authentication:
https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/

The Jerich Show Episode 26 - More Low Blows from the Ransomware Gangs

Fri, 30 Oct 2020 08:42:25 -0400

In this episode Javvad and Erich take a look at the new low that the Ryuk ransomware gang is sinking to, that is targeting hospitals and medical clinics.

They also discuss the incredible amount of money being made in the ransomware game, with one group claiming to have made over $100 million. On the other side of that coin, a ransomware gang donated $10k to charity. Why? Who really knows? Maybe guilt, maybe a PR move, maybe just a way to get mentioned on the show.

Finally, to wrap up their ransom demanding trend today, they discuss a group that breached a Finnish psychotherapy clinic and then blackmailed the patients.

All of this and more in this week's show.

Links from the show:
https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/

https://krebsonsecurity.com/2020/10/fbi-dhs-hhs-warn-of-imminent-credible-ransomware-threat-against-u-s-hospitals/

https://www.bleepingcomputer.com/news/security/revil-ransomware-gang-claims-over-100-million-profit-in-a-year/

https://www.theregister.com/2020/10/26/finland_psychotherapy_clinic_ransom_attack/

The Jerich Show Episode 25 - Direct Threats Against Voters and Fun with Zero-Days

Fri, 23 Oct 2020 09:31:10 -0400

In this episode Erich and Javvad discuss the threatening emails sent to some US voters that are registered Democrats, apparently from none other than Iran. Do they help a certain party or are they just designed to create division?

In addition, there is a new 0-day vulnerability for Chrome that is being exploited in the wild. Javvad and Erich discuss the issues related to patching and when 0-days are important, and when they aren't.

All this, plus Javvad gets confused while trying to accomplish the simple task of announcing the podcast version of The Jerich Show and the new Twitter account. This is what happens when he mutes Erich.

Emailed Threats to Voters:
https://www.npr.org/2020/10/21/926445682/u-s-blames-iran-for-threatening-election-emails-says-russia-may-interfere-too

The Chrome 0-Day:
https://thehackernews.com/2020/10/chrome-zeroday-attacks.html

The new Jerich Show Podcast:
On Apple: https://podcasts.apple.com/us/podcast/the-jerich-show-podcast/id1536420750
On Podbean: https://thejerichshow.podbean.com/#

The Jerich Show Twitter handle:
@TheJerichShow

The Jerich Show Episode 24 - Burnout, Barnes & Noble and Bad Ads

Mon, 19 Oct 2020 10:28:56 -0400

In this episode Javvad and Erich discuss pandemic burnout, the Barnes & Noble breach and the trouble with advertising and accidental outrage.

If you like this episode, subscribe for more weekly insights

The Jerich Show Episode 23 - It's NCSAM and About Time We Had Another Sponsor

Fri, 16 Oct 2020 16:02:48 -0400

In this episode, Erich and Javvad are joined by Thom Langford from (TL)2 Security, who somehow got us to refer to him as a sponsor. I think Javvad is taking bribes now.

The important and valuable parts of this episode are our chats about National CyberSecurity Awareness Month (NCSAM) and ways to make your programs work well and about MFA. Thom and Erich offer great advice while Javvad just nods his head.

The Jerich Show Episode 22 - How Far Is Too Far And How To Take Out A Village On A Budget

Fri, 16 Oct 2020 16:02:41 -0400

In this episode our heroes discuss a simulated phishing attack that went a little too far and the dangers involved, plus they discuss how on unsuspecting person took out the internet in their village every morning at 7am... for a year and a half.

Stories:
Tribune Publishing apologizes for fake bonus offer in phishing-simulation email
https://blog.knowbe4.com/tribune-publishing-apologizes-for-fake-bonus-offer-in-phishing-simulation-email

Old TV caused village broadband outages for 18 months
https://www.bbc.com/news/uk-wales-54239180

On a side note, the Jerich Show is now auditioning for additional sponsors. We don't need a lot, perhaps a small personal jet and a modest facility on Miami Beach from which to record and live. If you know someone willing to provide these, let us know, otherwise you can help just by hitting Subscribe below

The Jerich Show Episode 21 - TikTok, Ransomware Kills and Chasing Child Predators

Fri, 16 Oct 2020 16:02:33 -0400

In this episode Erich and Javvad chat about the TikTok and Oracle merger/buyout/whatever thing that is happening, a case where ransomware kills and finally we discuss how people are being leveraged to help find endangered children or help hunt down child predators.

Links from this episode:

Oracle and TikTok:
https://techcrunch.com/2020/09/13/oracle-wins-bid-to-buy-tiktok/

A Ransomware Attack Turns Deadly:
https://www.theverge.com/2020/9/17/21443851/death-ransomware-attack-hospital-germany-cybersecurity

Europol's Stop Child Abuse – Trace An Object:
https://www.europol.europa.eu/stopchildabuse

Innocent Lives Foundation:
https://www.innocentlivesfoundation.org/get-involved/

The Jerich Show Episode 20 - More Fun With Ransomware

Fri, 16 Oct 2020 16:02:24 -0400

In this episode Javvad and Erich chat about some recent ransomware attacks that hit a school district here in the US and a power provider in Pakistan. We discuss the timing of the tactics being used by attackers and other somewhat interesting points.

The Jerich Show Episode 19 - That Time Quentyn Joined Us

Fri, 16 Oct 2020 16:02:17 -0400

This week Javvad and Erich were joined by Quentyn Taylor, where we discussed SIM swapping attacks and how Ring doorbells could ruin the suprise the police have planned for you.

Check out Quentyn on Twitter at @QuentynBlog

Links to our stories:
The SIM swapping attacks against phone carriers
https://www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh

FBI worried that Ring doorbells are spying on police
https://www.bbc.com/news/technology-53985418

The Ring neighborhood app Erich mentioned
https://www.nytimes.com/wirecutter/blog/ring-neighbors-app-review/

The JerichShow Episode 18 - The One About the Russian

Fri, 16 Oct 2020 16:02:09 -0400

Join Javvad and Erich as they discuss the interesting situation where a Russian criminal tried to get an employee to sabotage their organzation, offering a million dollars to do it.

They also discuss a quite simple and lucrative plan that was selling toothbruses to Amazon for $94 each.

The Jerich Show Episode 17 - Not the Carnival I hoped for and an Uber Big Legal Issue

Fri, 16 Oct 2020 16:02:01 -0400

In this episode, Once Javvad remembers who he is, has a discussion with Erich about the Carnival Cruise Lines ransomware attack/data breach, new legal filings against the past Uber CISO related to that breach, and the importance of transparency when the wheels fall off the wagon.

Carnival:
https://www.engadget.com/carnival-cruise-customer-data-at-risk-following-ransomware-attack-225029822.html

The Uber Issue
https://www.npr.org/2020/08/20/904113981/former-uber-executive-charged-with-paying-hush-money-to-conceal-massive-breach?t=1598007456273

The Jerich Show Episode 16 - Social Media Fights and Real Things That Seem Like Scams

Fri, 16 Oct 2020 16:01:53 -0400

In this episode Javvad and Erich tackle the rather interesting situation that happened last week when one vendor accused another one of some shady practices, then found out it wasn't them. Do fights over social media really help? They discuss it.

They also talk about people receiving legitimate emails that follow the script of the phishing emails to the point, you can't tell them apart.

This and more on this episode of the Jerich Show!

The Jerich Show Episode 15 - Supply Chain Side Effects and Data Leakage

Fri, 16 Oct 2020 16:01:10 -0400

We're both back this week to bring you more low quality coverage of high quality topics. Javvad, spurred on by the threat of being permanently replaced by a rock, really adds some good insights to the topics this week.

We discuss the documents leaked from the Intel portal and the risks associated with the supply chain: https://www.zdnet.com/article/intel-investigating-breach-after-20gb-of-internal-documents-leak-online/

We then continue on to chat about the impact of leaked documents from the UK government: https://uk.reuters.com/article/uk-britain-russia-hack-exclusive/exclusive-papers-leaked-before-uk-election-in-suspected-russian-operation-were-hacked-from-ex-trade-minister-sources-idUKKBN24Z1UL

Finally, we discuss the unprotected Zoom hearing for the Twitter hacker, which allowed all participants to screen share, and how nobody could have possibly predicted that it might be impacted by shenanigans: https://www.itpro.co.uk/software/video-conferencing/356680/teenage-twitter-hackers-virtual-trial-is-zoom-bombed

Don't forget to scubscribe so you can catch every episode of the Jerich Show

The Jerich Show Episode 14 - Celebrating Sysadmin Day

Fri, 16 Oct 2020 16:01:01 -0400

Today, with the help of a stand in for Javvad, we celebrate the 21st annual Sysadmin Day.

Sysadmins have a rough life and it is only fitting that we stop being cruel to them at least 1 day of each year. This is that day, so go find a sysadmin, give them a big hug and softly whisper something nice in their ear*.

*Seriously folks, DON'T do this. Maybe offer to buy them lunch or a frosty beverage after work instead. They really do deserve it.

The Jerich Show Episode 13 - Meow

Fri, 16 Oct 2020 16:00:52 -0400

Erich is on holiday, but the show must go on!

Stories covered:

Posti Phishing scam:

https://yle.fi/uutiset/osasto/news/helsinki_police_probe_200k_phishing_scam_in_postis_name/11438564

Meow Bot:

https://www.forbes.com/sites/daveywinder/2020/07/22/not-all-internet-cats-are-cute-meow-bot-is-a-database-destroyer/#13a2a8b30e24

The Jerich Show Episode 12 - A Tweetworthy Week

Fri, 16 Oct 2020 16:00:44 -0400

This week Javvad and Erich chat about the the week that twitter got hacked and the the social engineering behind the associated Bitcoin scam. We also both look back and wish we had invested when BTC was $35

The Jerich Show Episode 11 - Facial Recognition

Fri, 16 Oct 2020 16:00:36 -0400

Facial recognition, the future or a terrible mistake?

Stories covered this week:

Facial recognition technology flagged 26 California lawmakers as criminals. This bill to ban the tech is headed to the Senate:

https://www.mercurynews.com/2019/08/14/facial-recognition-technology-flagged-26-california-lawmakers-as-criminals-this-bill-to-ban-the-tech-is-headed-to-the-senate/

California legislature bars facial recognition for police body cameras:

https://www.reuters.com/article/us-california-facial-recognition/california-legislature-bars-facial-recognition-for-police-body-cameras-idUSKCN1VX2ZP

Lawmakers propose indefinite nationwide ban on police use of facial recognition:

https://www.cnet.com/news/lawmakers-propose-indefinite-nationwide-ban-on-police-use-of-facial-recognition/

'The Computer Got It Wrong': How Facial Recognition Led To False Arrest Of Black Man: https://www.npr.org/2020/06/24/882683463/the-computer-got-it-wrong-how-facial-recognition-led-to-a-false-arrest-in-michig

How NIST Tested Facial Recognition Algorithms for Racial Bias:

https://www.scientificamerican.com/article/how-nist-tested-facial-recognition-algorithms-for-racial-bias/

The Jerich Show Episode 10 - TikTok, Social Media and Privacy

Fri, 16 Oct 2020 16:00:29 -0400

In this episode of the Jerich Show, Erich and Javvad discuss the world of social media and how much data we trade for a few funny videos. **Spoiler alert: It's a lot**

Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It: https://www.boredpanda.com/tik-tok-reverse-engineered-data-information-collecting/

Social Media Information Breach:

https://www.forbes.com/sites/petersuciu/2020/06/26/there-isnt-enough-privacy-on-social-media-and-that-is-a-real-problem/#38ddaad444f1

The Jerich Show Episode 9 - I Can't Remember What This Was About

Fri, 16 Oct 2020 16:00:20 -0400

In this episode of the Jerich Show, Javvad and Erich talk about mental exhaustion, the stressors of being tired and how this can lead to falling for scams and social engineering attacks.

The Jerich Show Episode 8 - Of Tea Shops and Cyber Mercenaries

Fri, 16 Oct 2020 16:00:09 -0400

In this episode Javvad and Erich discuss a group of cyber mercenaries that put up shop above a nice little tea shop in New Delhi.

The discussed in the story is here: https://in.reuters.com/article/india-cyber-mercenaries/exclusive-obscure-indian-cyber-firm-spied-on-politicians-investors-worldwide-idINKBN23G1FI

The Jerich Show Episode 7 - Social Media Misinformation, Statistics and the 5G's

Fri, 16 Oct 2020 16:00:01 -0400

In this episode Erich and Javvad tackle the issue of misinformation in social media and the impacts it can have. We all know that there are lies, damn lies and statistics. Bots are taking over Twitter and other social media sites and posting divisive content to both sides of arguments. It's never been more important to do your own fact checking and understand what is actually being presented. Also, people are falling for silly stuff due to the hype, so as a public service, Javvad tells us about a device meant to save us from the 5G's.

The Jerich Show Episode 6 - How Low Will They Go?

Fri, 16 Oct 2020 15:59:48 -0400

In this episode Javvad and Erich talk about scammers and just how low they will go to make a few bucks. We also discuss how some of their stupidity gets them caught

The Jerich Show Episode 5 - The CISSP is a Masters Degree?

Fri, 16 Oct 2020 15:59:27 -0400

In this episode of the Jerich show, Javvad and Erich tackle the recent issue of the CISSP and Masters degree equivalency bombshell.

The Jerich Show Episode 4 - Executive Phishing and Returning to Work Chaos

Fri, 16 Oct 2020 15:59:11 -0400

In this episode, Javvad talks about an incident where executives were compromised at over 150 companies and Erich talks the mayhem we can expect when returning to work as the economy is reopened

The Jerich Show Episode 3 -Travelex and Doppelpaymer

Fri, 16 Oct 2020 15:58:37 -0400

In this episode, Javvad talks about the current post-incident status of Travelex and Erich talks about the City of Torrance, Ca getting hit by Doppelpaymer ransomware

The Jerich Show Episode 2 - From Ransomware to Facebooks Scams

Fri, 16 Oct 2020 15:58:06 -0400

In this episode, Javvad and Erich discuss security topics ranging from the new normal for ransomware to hot scams on Facebook.

The Jerich Show Episode 1 - COVID Scams, Mental Health Plus More

Fri, 16 Oct 2020 15:56:58 -0400

In this episode Javvad and Erich carry the mantra "Timely Topics, Poorly Presented" as they discuss a bunch of different COVID-19 scams, mental health during the pandemic and Javvad shows just how blue he has become.