

Shared Security Podcast
Tom Eston, Scott Wright, Kevin Johnson
Shared Security is the longest-running cybersecurity and privacy podcast where industry veterans Tom Eston, Scott Wright, and Kevin Johnson break down the week’s security WTF moments, privacy fails, human mistakes, and “why is this still a problem?” stories — with humor, honesty, and hard-earned real-world experience. Whether you’re a security pro, a privacy advocate, or just here to hear Kevin yell about vendor nonsense, this podcast delivers insights you’ll actually use — and laughs you probably need. Real security talk from people who’ve lived it.
Episodes

Apr 3, 2023 • 31min
The TikTok CEO Testimony, ChatGPT’s Privacy Risks, Inaudible Ultrasound Attacks
The CEO of TikTok was criticized by Congress for his “worthless” assurances regarding the app’s privacy and security. But what is the real motivation for Congress attempting to ban TikTok? Should we be concerned that AI language models like ChatGPT are a privacy nightmare? Not just for businesses but for anyone using it? Researchers have […]

Mar 27, 2023 • 21min
Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist
In this episode we discuss Google’s discovery of 18 zero-day vulnerabilities in Samsung’s Exynos chipsets. We examine an AI-assisted social engineering campaign that combines emerging technologies with classic techniques. Finally, we look at a new method of ATM fraud where thieves use glue to disable card readers and trick customers into using the tap function […]

Mar 20, 2023 • 29min
Exploring the Role of Empathy in Cybersecurity with Andra Zaharia
On this episode, Tom Eston discusses empathy in cybersecurity with Andra Zaharia, host of the Cyber Empathy Podcast. We talk about finding her passion for contributing to the industry and the importance of empathy in cybersecurity. We cover how empathy relates to cybersecurity in the industry, the importance of being empathetic in our roles as […]

Mar 13, 2023 • 13min
Biden’s National Cybersecurity Strategy, BetterHelp’s FTC Fine, Chick-fil-A Data Breach
What you need to know about Biden’s new National Cybersecurity Strategy, which aims to provide a framework of what the current administration wants the US federal government, critical infrastructure organizations, and private companies to do to work together to improve national cybersecurity. BetterHelp, a direct-to-consumer mental health app, has been asked to pay $7.8m by […]

Mar 6, 2023 • 31min
The LastPass Attack Gets Worse, What is Gamification, Signal’s Encryption Standoff
Popular password manager LastPass suffered a second attack that lasted for over two months. Now new and disturbing information is being released about the attack. Scott discusses the benefits and challenges of using gamification in security awareness training, emphasizing the importance of individual learning before employing it at the business process level. Signal, a very […]

Feb 27, 2023 • 31min
Twitter’s Paywall 2FA, Mental Health Data for Sale, Meta’s Verified Program
Twitter is phasing out its free text message two-factor authentication (2FA) and putting the feature behind a paywall, prompting security experts to advise Twitter users to switch to other authentication methods. How data brokers are selling sensitive mental health data for a few hundred dollars with little attempt to hide identifying information such as names […]

Feb 20, 2023 • 17min
Reddit Hacked, Preventing Accidental Location Sharing, Developer Hacks His Own Company
Reddit announced that it was the victim of a phishing attack aimed at its employees, resulting in unauthorized access to internal documents, code, and some unspecified business systems. Advice on managing device location-tracking settings to ensure you’re not sharing your location inadvertently. The case of former Ubiquiti employee, Nickolas Sharp, who pled guilty to multiple […]

Feb 13, 2023 • 27min
Layoffs, Recruiting, and The Year Ahead for Cybersecurity Job Seekers
In this episode host Tom Eston sits down with Kathleen Smith, Chief Outreach Officer at ClearedJobs.net, to discuss the current state of the job market in the cybersecurity industry. With a recent surge in layoffs, Kathleen provides advice for those who were recently let go and discusses how the economic situation has affected recruiters. She […]

Feb 6, 2023 • 21min
Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass
The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors. Not only that, a new vulnerability in the popular open-source password management software KeePass has also been reported. Three […]

Jan 30, 2023 • 27min
U.S. ‘No Fly List’ Leaks, AI-Powered Phishing, Wi-Fi Used to See Humans Through Walls
A hacker discovered a copy of the US No Fly List, which contains the names of people banned from traveling in or out of the US on commercial flights, on an unsecured Jenkins server connected to a commercial airline. Will AI-powered phishing become a threat for organizations? Scientists from Carnegie Mellon University have developed a […]


