Shared Security Podcast

A Cisco employee was compromised by a ransomware gang using a technique called multi-factor authentication fatigue, an attack on the Signal messenger app’s SMS service Twilio potentially disclosed the phone numbers of 1,900 users, and details on how Facebook and Instagram track what you click on including your web browsing history by using their in-app browser. ** Links mentioned on the show ** Kevin’s interview on the Bishop Fox Livestream from DEF CON 30 Cisco Hacked by Ransomware Gang, Data Stolen https://www.securityweek.com/cybercriminals-breached-cisco-systems-and-stole-data Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack https://thehackernews.com/2022/08/nearly-1900-signal-messenger-accounts.html Facebook and Instagram rewrite websites via in-app browser that can track ‘every single interaction’ https://www.msn.com/en-gb/money/technology/facebook-and-instagram-rewrite-websites-via-in-app-browser-that-can-track-e2-80-98every-single-interaction-e2-80-99/ar-AA10Bqpj ** Watch this episode on YouTube ** https://youtu.be/SBnzn16xt1E ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on Shared Security Podcast.

Aaron Zar, SLNT founder and director of disconnection joins co-host Tom Eston to discuss the importance of Faraday technology, what’s changed with privacy over the last several years, some of the really cool SLNT Faraday products now available, and how Aaron tested product durability by running over a SLNT Faraday Backpack (containing a MacBook Pro) with a truck! Don’t forget, listeners of the podcast get 10% off at slnt.com using discount code “sharedsecurity” during checkout! ** Links mentioned on the show ** Founder of SLNT® Demonstrates the strength of the Berry and TAA Compliant Faraday Dry Bag Check out SLNT’s line of Faraday products https://slnt.com Visit SLNT on Twitter and YouTube https://twitter.com/goslnt https://www.youtube.com/c/Silent-pocket Aaron’s previous appearance on the podcast https://sharedsecurity.net/2019/09/27/aaron-zar-co-founder-and-ceo-of-silent-pocket/ ** Watch this episode on YouTube ** https://youtu.be/6qn8XM8Tyls ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post The Importance of Faraday Technology with Aaron Zar from SLNT appeared first on Shared Security Podcast.

Why your phone number is becoming a popular way to identify you, our advice on how to best protect your privacy at hacker summer camp in Las Vegas (BSides, BlackHat, DEF CON), and details on Samsung’s new repair mode which will protect your private data on your smartphone when you take it in for repairs. ** Links mentioned on the show ** When did our phone numbers become the new identifier de jour? https://iapp.org/news/a/when-did-our-phone-numbers-become-the-new-identifier-de-jour/ Letter from a librarian to Google about 2fA hurting poor and low income people https://docs.google.com/document/d/1f6HPQbUjslcbjVHkJkAgYmQmBV3PRRHEcx4WL5rxuE8/preview Going to Hacker Summer Camp (Black Hat / DEF CON)? How to secure you and your data while at the world’s largest hacker convention (plus good advice for attending any large event) https://www.reddit.com/r/Defcon/comments/6ddvao/going_to_defcon_leave_your_cell_phone_at_home/ https://forallsecure.com/blog/your-guide-to-hacker-summer-camp-2021 Samsung’s smartphone ‘Repair Mode’ will stop nosy technicians looking at your photos https://www.zdnet.com/article/samsungs-smartphone-repair-mode-will-keep-nosy-technicians-from-looking-at-your-photos ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Phone Numbers Used for Identification, Hacker Summer Camp Advice, Samsung Repair Mode appeared first on Shared Security Podcast.

Twitter suffers a data breach of phone numbers and email addresses belonging to 5.4 million accounts, new research shows that attackers are finding and exploiting zero-day vulnerabilities in 15 minutes, and details on how a resilient trait in videos and images could aid in deepfake detection. ** Links mentioned on the show ** Hacker selling Twitter account data of 5.4 million users for $30k https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/ Race against time: Hackers start hunting for victims just 15 minutes after a bug is disclosed https://www.zdnet.com/article/race-against-time-hackers-start-hunting-for-victims-just-15-minutes-after-a-bug-is-disclosed/ Researchers Identify a Resilient Trait of Deepfakes That Could Aid Long-Term Detection https://www.unite.ai/researchers-identify-a-resilient-trait-of-deepfakes-that-could-aid-long-term-detection/ ** Watch this episode on YouTube ** https://youtu.be/JBuz_jKP1xE ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Twitter Data Breach, 15 Minutes to Exploit Zero-Day Vulnerabilities, Resilient Deepfake Traits appeared first on Shared Security Podcast.

In this episode learn all about the world of corporate spying from someone who was a corporate spy and actually wrote a book on it! Robert Kerbeck author of “RUSE: Lying the American Dream from Hollywood to Wall Street” joins us to discuss his fascinating career as a corporate spy, life as a struggling actor, his many celebrity encounters (including his performance in the infamous OJ Simpson exercise video), and how the corporate spying game is still big business. This is one interview you don’t want to miss! ** Links mentioned on the show ** Purchase Robert’s book: “RUSE: Lying the American Dream from Hollywood to Wall Street” https://www.robertkerbeck.com/ Corporate spy reveals how he got secret info from big American companies https://nypost.com/2022/03/09/ex-corporate-spy-robert-kerbeck-on-how-he-got-companies-info/ Robert Kerbeck’s Film Bio https://www.imdb.com/name/nm0449200/ https://memory-alpha.fandom.com/wiki/Robert_Kerbeck Follow Robert on Twitter https://twitter.com/robertkerbeck ** Watch this episode on YouTube ** https://youtu.be/K8mxD7a4z_Y ** Thank you to our sponsors! ** Teleport Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Click here to learn why the most visionary businesses in the world choose Teleport! SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Robert Kerbeck Author of RUSE: Lying the American Dream from Hollywood to Wall Street appeared first on Shared Security Podcast.

Apple previews Lockdown Mode which is designed for high risk individuals such as human rights workers, lawyers, politicians and journalists, hotel chain Marriott confirms another data breach, and new details on the development of smart contact lenses and what these could mean for your privacy. ** Links mentioned on the show ** Apple previews Lockdown Mode to protect users from targeted spyware https://www.cnet.com/tech/mobile/apples-lockdown-mode-why-theres-new-level-of-security-for-your-iphone/ https://www.helpnetsecurity.com/2022/07/07/apple-lockdown-mode-video/ Hotel giant Marriott confirms yet another data breach https://techcrunch.com/2022/07/06/marriott-breach-again/ Mojo Vision CEO successfully wore a smart contact lens in his eye https://skarredghost.com/2022/06/28/mojo-vision-contact-tested-eye/ ** Watch this episode on YouTube ** https://youtu.be/4mZAw_NGPDI ** Thank you to our sponsors! ** Teleport Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Click here to learn why the most visionary businesses in the world choose Teleport! SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Apple Previews Lockdown Mode, Another Marriott Data Breach, Smart Contact Lenses appeared first on Shared Security Podcast.

The commissioner of the FCC (Federal Communications Commission), asked the CEOs of Apple and Google to remove TikTok from their app stores, bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports and submitted them for personal gain, and new details on the California gun owner data breach which had exposed the personal information of hundreds of thousands of gun owners. ** Links mentioned on the show ** TikTok is “unacceptable security risk” and should be removed from app stores, says FCC https://blog.malwarebytes.com/privacy-2/2022/07/tiktok-is-unacceptable-security-risk-and-should-be-removed-from-app-stores-says-fcc HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains https://thehackernews.com/2022/07/hackerone-employee-caught-stealing.html https://hackerone.com/reports/1622449 Leak of California gun owners’ private data far wider than originally reported https://www.theguardian.com/us-news/2022/jun/30/california-gun-owners-data-breach ** Watch this episode on YouTube ** https://youtu.be/aoUvfGtcI6E ** Thank you to our sponsors! ** Teleport Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Click here to learn why the most visionary businesses in the world choose Teleport! SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Could TikTok Be Removed From App Stores, HackerOne Employee Caught Stealing Vulnerability Reports, California Gun Owner Data Breach appeared first on Shared Security Podcast.

Period tracker apps are causing privacy concerns because they could potentially be used against women in states that ban abortion, new research shows that vendors are being impersonated more than employees in Business Email Compromise (BEC) attacks, and details on the first ever bug bounty program from the creators of the LockBit ransomware operation. ** Links mentioned on the show ** How period tracking apps and data privacy fit into a post-Roe v. Wade climate https://www.npr.org/2022/05/10/1097482967/roe-v-wade-supreme-court-abortion-period-apps https://www.msn.com/en-us/news/technology/which-period-tracking-apps-are-secure-to-use-data-privacy-questioned-post-roe-v-wade/ar-AAYXF9C https://source.colostate.edu/period-tracker-apps-privacy-roe-wade/ New Trend in Business Email Compromise Emerges as Vendor Impersonation Overtakes CEO Fraud https://www.galvnews.com/news_ap/business/article_cab81f33-b5f9-5206-bd84-8ce5fb696d6b.html LockBit 3.0 introduces the first ransomware bug bounty program https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/ ** Watch this episode on YouTube ** https://youtu.be/1Ficem_wYIc ** Thank you to our sponsors! ** Teleport Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Click here to learn why the most visionary businesses in the world choose Teleport! SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Period Tracking Apps and Your Privacy, Vendor Impersonation Attacks, LockBit Ransomware Bug Bounty Program appeared first on Shared Security Podcast.

The Tim Hortons mobile app created a “a mass invasion of Canadians’ privacy” by conducting continuous location tracking without user consent even when the app was closed, what is a social engineering kill-chain and how can this help understand and prevent attacks, and new research shows 33 out of the top 100 hospitals in America are sending sensitive heath information to Facebook via the Meta Pixel ad tracking tool. ** Links mentioned on the show ** ‘A Mass Invasion of Privacy’ but No Penalties for Tim Hortons https://financialpost.com/news/retail-marketing/tim-hortons-app-violated-privacy-laws-says-canadian-regulator https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2022/pipeda-2022-001/ Social Engineering Kill–Chain: Predicting, Minimizing & Disrupting Attack Verticals https://ahead.feedly.com/posts/social-engineering-kill-chain-predicting-minimizing-and-disrupting-attack-verticals Facebook Is Receiving Sensitive Medical Information from Hospital Websites https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites ** Watch this episode on YouTube ** https://youtu.be/x_GJxDCt71k ** Thank you to our sponsors! ** Teleport Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Click here to learn why the most visionary businesses in the world choose Teleport! SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Tim Hortons Privacy Investigation, Social Engineering Kill-Chain, Hospitals Sending Facebook Your Data appeared first on Shared Security Podcast.

A new bipartisan privacy bill, the American Data Privacy and Protection Act, “could” be the first privacy legislation in the US not doomed to fail, a story about why you should delete your location and private data in your car’s navigation system before selling it, and details on Firefox’s new privacy feature called “Total Cookie Protection”. ** Links mentioned on the show ** Legislators Introduce Bipartisan Digital-Privacy Bill That May Not Be Doomed https://www.pcmag.com/news/legislators-introduce-bipartisan-digital-privacy-bill-that-may-not-be-doomed LPT: If your vehicle has a built-in GPS and you plan to trade it in; make sure you clear your home address or any other personal info from it. Many dealers forget to do this. https://www.reddit.com/r/SharedSecurityShow/comments/us0cna/lpt_if_your_vehicle_has_a_builtin_gps_and_you/ Firefox rolls out Total Cookie Protection by default to all users worldwide https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/ ** Watch this episode on YouTube ** https://youtu.be/3ZCu9F64MLY ** Thank you to our sponsors! ** Teleport Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Click here to learn why the most visionary businesses in the world choose Teleport! SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Bipartisan Digital-Privacy Bill, Delete Your Data Before Selling Your Car, Firefox Total Cookie Protection appeared first on Shared Security Podcast.