Shared Security Podcast

Rafal Los, host of the popular Down the Security Rabbithole Podcast, joins us to discuss CISO liability risk and the ongoing discussion in the cybersecurity community about CISOs going to jail. Plus, details on the recent (ISC)2 bylaw vote (why you should vote no) and a discussion about the value of cybersecurity certifications. ** Links mentioned on the show ** After the Sullivan Verdict: A CISO’s Guide to Avoiding Jail https://www.bankinfosecurity.com/after-sullivan-verdict-cisos-guide-to-avoiding-jail-a-20285 What the Uber Breach Verdict Means for CISOs in the US https://www.darkreading.com/attacks-breaches/what-the-uber-breach-verdict-means-for-cisos-in-the-us ISC2 bylaw drama So here's a summary of what ISC2 is changing in its Bylaws and why you should vote NO in the upcoming Bylaws vote. Hold on to your wigs: — Wim Remes (@wimremes) October 14, 2022 Down the Security Rabbithole Podcast with host Rafal Los https://podcast.wh1t3rabbit.net/ ** Watch this episode on YouTube ** https://youtu.be/HAfjHZaA4AA ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post CISO Liability Risk and Jail Time, (ISC)2 Bylaw Vote and the Value of Cybersecurity Certifications appeared first on Shared Security Podcast.

Two modified wi-fi enabled drones were found on the top of a financial firm’s building and used to intercept a employee’s credentials, a fun discussion about the best way to physically destroy data on electronics that no longer work, and details about Signal removing SMS support for Android users. ** Links mentioned on the show ** How Wi-Fi spy drones snooped on financial firm https://www.theregister.com/2022/10/12/drone-roof-attack/ How to wipe out data from things that don’t turn on? https://www.reddit.com/r/privacy/comments/y6535n/how_to_wipe_out_data_from_things_that_doesnt_turn/ Signal will remove support for SMS text messages on Android https://www.bleepingcomputer.com/news/technology/signal-will-remove-support-for-sms-text-messages-on-android/ ** Watch this episode on YouTube ** https://youtu.be/KJ9kfMGXebg ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Attack of the Wi-Fi Spy Drones, How to Destroy Your Old Electronics, Signal Removes SMS Support appeared first on Shared Security Podcast.

Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for LinkedIn. ** Links mentioned on the show ** Guilty verdict in the Uber breach case makes personal liability real for CISOs https://www.csoonline.com/article/3676148/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html https://www.linkedin.com/posts/stuart-w-techsecscot_uberbreach-uberciso-uberhack-activity-6984057144438325248-gg1s/ Is mandatory password expiration helping or hurting your password security? https://www.helpnetsecurity.com/2022/10/04/mandatory-password-expiration-helping-or-hurting-password-security/ Glut of Fake LinkedIn Profiles Pits HR Against the Bots https://krebsonsecurity.com/2022/10/glut-of-fake-linkedin-profiles-pits-hr-against-the-bots/ This person does not exist. AI generated profile pictures. https://thispersondoesnotexist.com/ The Capture on BBC https://www.bbc.co.uk/programmes/m00085sx/episodes/player ** Watch this episode on YouTube ** https://youtu.be/IdQ0xW4yNHU ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Uber Breach Guilty Verdict, Mandatory Password Expiration, Fake Executive Profiles on LinkedIn appeared first on Shared Security Podcast.

A recent survey of ethical hackers by Bishop Fox and SANS shows that once a vulnerability or weakness is found about 58% of ethical hackers can break into an environment in less than five hours, SMS phishing and text message scams appear to be changing tactics taking a more “urgent” tone, and a discussion about strange ways employees can accidentally expose data. ** Links mentioned on the show ** More Than 60% Of Hackers Can Exfiltrate Data In Less Than Five Hours https://bishopfox.com/news/sans-hacking-survey-report-pr https://www.darkreading.com/attacks-breaches/attackers-less-than-ten-hours-find-weaknesses Scam nation: Why living with grifters is our new normal https://mashable.com/article/constant-texting-scams YSK: you shouldn’t reply “stop” to spam text messages https://www.reddit.com/r/YouShouldKnow/comments/x2q37p/ysk_you_shouldnt_reply_stop_to_spam_text_messages 8 strange ways employees can (accidentally) expose data https://www.csoonline.com/article/3675542/8-strange-ways-employees-can-accidently-expose-data.html ** Watch this episode on YouTube ** https://youtu.be/oqIo5yeHMIA ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Hackers Need 5 Hours or Less to Break In, SMS Phishing Tactics, Strange Ways Employees Expose Data appeared first on Shared Security Podcast.

Passkeys are coming soon to Apple iOS 16 so what are passkeys and why are they an eventual replacement for passwords? Researchers have discovered a new attack that uses mouse movement in Microsoft PowerPoint to deploy malware, and details on how the 2K Games help desk support platform was compromised to push malware through fake support tickets. ** Links mentioned on the show ** Passkeys coming to iOS 16. What are Passkeys? https://developer.apple.com/passkeys/ https://www.cnet.com/tech/mobile/passkeys-more-secure-than-passwords-arrive-on-ios-16-iphone-14/ https://developer.apple.com/videos/play/wwdc2022/10092/ Hackers Using PowerPoint Mouseover Trick to Infect System with Malware https://thehackernews.com/2022/09/hackers-using-powerpoint-mouseover.html 2K Games says hacked help desk targeted players with malware https://www.bleepingcomputer.com/news/security/2k-games-says-hacked-help-desk-targeted-players-with-malware/ ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post What are Passkeys, PowerPoint Mouseover Attack, 2K Games Support Hacked appeared first on Shared Security Podcast.

Uber got hacked by an 18 year old using social engineering and a multi-factor authentication fatigue attack, Morgan Stanley has been auctioning off hard drives holding sensitive client data since 2015, and why is it so hard for social networks to remove personal data when deleting your user account. ** Links mentioned on the show ** Uber was breached to its core, purportedly by an 18-year-old. Here’s what’s known https://arstechnica.com/information-technology/2022/09/uber-was-hacked-to-its-core-purportedly-by-an-18-year-old-here-are-the-basics/ MITRE ATT&CK Mapping of the Uber breach https://twitter.com/MichalKoczwara/status/1571432800787759104/photo/1 Same hacker also claims he hacked Rockstar Games https://www.esquire.com/entertainment/a41292914/gta-6-leak-videos-rockstar-hacker/ Multi-factor Authentication Fatigue Attack – How to prevent being a victim https://sharedsecurity.net/2022/08/22/multi-factor-authentication-fatigue-attack-signal-account-twilio-hack-facebook-and-instagram-in-app-browser/ https://attack.mitre.org/techniques/T1621/ ‘Astonishing.’ Morgan Stanley hard drives holding sensitive client data got auctioned off online https://www.cnn.com/2022/09/20/business/morgan-stanley-fine-customer-data/index.html 35 Best Free Data Destruction Software Programs https://www.lifewire.com/free-data-destruction-software-programs-2626174 Why deleting something from the internet is ‘almost impossible’ https://www.cnn.com/2022/09/18/tech/deleting-data/index.html ** Watch this episode on YouTube ** https://youtu.be/hKateSJO3s0 ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Uber Hacked by 18 Year Old, Morgan Stanley Hard Drives Got Auctioned, Deleting Your Data is Hard appeared first on Shared Security Podcast.

In recent court testimony two Facebook engineers were asked what information, precisely, does Facebook store about us, and where is it? Surprisingly they said, they don’t know. Details on how brand new employees of companies are being “spearmished” (hat tip to @ErinInfosec and @RachelTobac via Twitter), and how thousands of Colorado residents found themselves locked out of their smart thermostats to help prevent the power grid from failing. ** Links mentioned on the show ** Facebook Engineers: We Have No Idea Where We Keep All Your Personal Data https://theintercept.com/2022/09/07/facebook-personal-data-no-accountability/ New Hire SMS Phish Attack Method – Spearmishing? https://twitter.com/RachelTobac/status/1568656397637947392 A utility company locked thousands of customers out of their smart thermostats in Colorado https://www.theverge.com/2022/9/5/23337864/xcel-locked-out-customers-smart-thermostats-colorado-heatwave https://www.reddit.com/r/privacy/comments/xbj024/a_utility_company_locked_thousands_of_customers/ Click Armor’s Cyber Security Awareness Forum https://clickarmor.ca/live-cyber-security-awareness-forum/ ** Watch this episode on YouTube ** https://youtu.be/plNV4pvZZ3o ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Facebook Doesn’t Know Where Your Data Is, New Hire Spearmishing Attack, Smart Thermostat Lock Out appeared first on Shared Security Podcast.

TikTok has denied reports that it was breached by a hacking group, after it claimed they have gained access to over 2 billion user records, the Los Angeles school district, the second-largest in the US, suffered a ransomware attack, and details on how one high school in Sydney Australia installed fingerprint scanners at the entrance to bathrooms to track student movements and prevent vandalism. ** Links mentioned on the show ** TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users’ Information https://thehackernews.com/2022/09/tiktok-denies-data-breach-reportedly.html The second-biggest school district in the US was hit with ransomware https://www.zdnet.com/article/the-second-biggest-school-district-in-the-us-was-hit-with-ransomware/ https://www.msn.com/en-us/news/us/feds-anticipate-ransomware-attacks-against-schools/ar-AA11yV3r Sydney school’s use of fingerprint scanners in toilets an invasion of privacy, expert says https://www.theguardian.com/australia-news/2022/sep/06/sydney-schools-use-of-fingerprint-scanners-in-toilets-an-invasion-of-privacy-expert-says ** Watch this episode on YouTube ** https://youtu.be/BrtFT2u_fdA ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post TikTok Denies Data Breach, Los Angeles School District Ransomware Attack, Fingerprint Scanners in School Bathrooms appeared first on Shared Security Podcast.

Popular password manager LastPass announced that some of their source code was stolen, but that no customer passwords were compromised in a recent data breach disclosure, an Israeli researcher has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards, and details about the Twitter whistleblower Peiter “Mudge” Zatko and his claims about how Twitter had poor security practices, misled federal regulators about safety, and failed to properly estimate the number of bots on Twitter. ** Links mentioned on the show ** LastPass Says No Passwords Stolen in Data Breach https://www.cnet.com/tech/services-and-software/lastpass-says-no-passwords-stolen-in-data-breach/ https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/ ETHERLED: Air-gapped systems leak data via network card LEDs https://www.bleepingcomputer.com/news/security/etherled-air-gapped-systems-leak-data-via-network-card-leds/ Twitter’s former security chief says company lied about bots and safety https://www.theverge.com/2022/8/23/23317857/twitter-whistleblower-zatko-security-spam-safety https://en.wikipedia.org/wiki/L0pht https://en.wikipedia.org/wiki/Peiter_Zatko ** Watch this episode on YouTube ** https://youtu.be/EGJP7i3NUeE ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post LastPass Data Breach, ETHERLED: Air-Gapped Systems Attack, Twitter Whistleblower Complaint appeared first on Shared Security Podcast.

Janet Jackson’s “Rhythm Nation” has been recognized as an exploit for a vulnerability after Microsoft reported it can crash the hard drives of certain old laptop computers, phishing attacks that compromise credentials using brand impersonation are on the rise, and details about a new privacy focused phone carrier that doesn’t track your location or web browsing activity. ** Links mentioned on the show ** Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop https://therecord.media/microsoft-bug-in-janet-jacksons-rhythm-nation-could-crash-a-laptop/ https://www.theregister.com/2022/08/18/janet_jackson_video_crashes_laptops/ Credential phishing attacks skyrocketing, 265 brands impersonated in H1 2022 https://www.helpnetsecurity.com/2022/08/15/landscape-email-threat/ A Phone Carrier That Doesn’t Track Your Browsing or Location https://www.wired.com/story/pretty-good-phone-privacy-android/ https://invisv.com/articles/pretty-good-phone-privacy.html ** Watch this episode on YouTube ** https://youtu.be/orZV_upMYcQ ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Janet Jackson Can Crash Laptops, Credential Phishing Attacks Skyrocket, A Phone Carrier That Doesn’t Track You appeared first on Shared Security Podcast.