Shared Security Podcast

In this episode we’re discussing the alarming breach of the Tea app, a platform intended for women to share dating experiences. The hack resulted in the exposure of over 13,000 government ID photos, 72,000 user images, and over a million private messages due to poor security practices. We’ll discuss the role of sloppy coding, an exposed database, and the lack of security discipline that led to this massive leak. Join us as we explore insights from a cybersecurity researcher who disassembled the app’s source code, the ensuing legal and privacy repercussions, and the broader implications for app security. ** Links mentioned on the show ** Hackers leak 13,000 user photos and IDs from the Tea app, designed as a women’s safe space https://www.nbcnews.com/tech/social-media/tea-app-hacked-13000-photos-leaked-4chan-call-action-rcna221139 Tea App Hack: Disassembling The Ridiculous App Source Code https://medium.com/@jankammerath/tea-app-hack-disassembling-the-ridiculous-app-source-code-bc585e15bf4f ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post The Tea App Hack: How a “Safe” Space Leaked 13,000 ID Photos & 1.1M Messages appeared first on Shared Security Podcast.

In this episode, we discuss a rising scam involving random smishing text messages. Learn how these messages work, why they’re effective, and what you can do to protect yourself. Discover the dangers of replying to vague text messages from unknown numbers and get practical tips on how to block and report spam texts. Stay safe by not engaging with these scams and using built-in filters and reporting options on your mobile device. ** Links mentioned on the show ** Got a weird text message? ‘Smishing’ scams likely rising because of AI, experts warn https://www.cbc.ca/news/business/smishing-scams-rise-1.7582672 ** Watch this episode on YouTube ** https://youtu.be/RAbmZpMol6M ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Random Smishing Text Scams: Why “Do I Know You?” Texts Are Dangerous appeared first on Shared Security Podcast.

This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese State-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the underlying issues with patching systems, and the complexities of protecting applications like SharePoint. Stay informed on the latest cybersecurity developments and get insights on what might have gone wrong. Plus, get a peek at what’s happening at Black Hat and DEF CON in Vegas. ** Links mentioned on the show ** DHS, HHS among agencies hacked in Microsoft Sharepoint breach https://www.yahoo.com/news/articles/dhs-hhs-among-agencies-hacked-151648112.html Blame a leak for Microsoft SharePoint attacks, researcher insists https://www.theregister.com/2025/07/26/microsoft_sharepoint_attacks_leak/ ** Watch this episode on YouTube ** https://youtu.be/klI0XmrNxC0 ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Leaked, Patched, and Still Hacked: The SharePoint Zero-Day Crisis appeared first on Shared Security Podcast.

In this episode, we examine Amazon’s Ring doorbell camera amid rising privacy concerns and policy changes. The Electronic Frontier Foundation’s recent report criticizes Ring’s AI-first approach and the rollback of prior privacy reforms, describing it as ‘techno authoritarianism.’ We also discuss a recent scare among Ring users on May 28, related to an unexplained series of logins, said by Amazon to be a UI glitch. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore these issues, share personal anecdotes about their experiences with tech, and discuss broader implications for privacy and civic freedoms. ** Links mentioned on the show ** Amazon Ring Cashes in on Techno-Authoritarianism and Mass Surveillance https://www.eff.org/deeplinks/2025/07/amazon-ring-cashes-techno-authoritarianism-and-mass-surveillance Amazon Ring Doorbell May 28 Mass Hacking Claim Goes Viral https://www.forbes.com/sites/daveywinder/2025/07/20/amazon-ring-doorbell-may-28-mass-hacking-claim-goes-viral/ ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Doorbells, Dystopia, and Digital Rights: The Ring Surveillance Debate appeared first on Shared Security Podcast.

In this episode, join hosts Tom Eston, Scott Wright, and Kevin Johnson as they discuss the controversial topic of seniors writing down passwords. They discuss how threat modeling differs for the elderly, the practicality of using password managers, two-factor authentication, and future solutions like passkeys. The conversation includes humorous anecdotes and touches on broader cybersecurity issues such as risk assessment and the importance of tailoring security solutions to individual needs. Tune in for insights on making security accessible and effective for an often overlooked group. ** Links mentioned on the show ** Passkeys, Passwords, and Seniors: What’s the Safest Option? https://www.barnesandnoble.com/w/internet-password-book-chartwell-books/1139181596 https://www.computerworld.com/article/4009132/passkeys-how-they-work-how-to-use-them.html ** Watch this episode on YouTube ** https://youtu.be/4QeAVoU6XXw ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Passwords and the Elderly: Why Writing Them Down Might Be OK appeared first on Shared Security Podcast.

In this episode, we discuss the often overlooked security issues within Google Workspace. Rajan Kapoor, Field CISO at Material Security, joins us to talk about how Material Security is redefining the protection of documents, email accounts, and data in Google Workspace. We explore the unique challenges Workspace presents compared to traditional tools, and how Material Security provides comprehensive solutions. Rajan shares his professional journey, insights into Google’s APIs, and how their service stands out. Tune in to understand why legacy tools may leave critical gaps in your organization’s security. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more! ** Links mentioned on the show ** Connect with Rajan and Material Security https://www.linkedin.com/in/rajankkapoor/ https://material.security/ ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post The Google Workspace Security Gap: Why Traditional Tools Fall Short appeared first on Shared Security Podcast.

Discover the groundbreaking advancements in autonomous penetration testing as a cybersecurity startup leverages AI to revolutionize offensive security. The discussion highlights the intriguing potential and challenges of AI automation in identifying vulnerabilities. Additionally, the necessity of skilled penetration testers remains critical, emphasizing transparency in findings. With an eye on the evolving technology landscape, the hosts explore both the promise and pitfalls of these innovations in the cybersecurity realm.

Is there really a cybersecurity talent shortage, or are we just looking in all the wrong places? This week on the Shared Security Podcast, we tackle the buzz around the so-called cybersecurity skills gap. Host Tom Eston welcomes Katie Soper, Senior Consultant at Avetix Cyber and co-founder of the CyberVault Podcast, to discuss the challenges and misconceptions in the industry. They explore whether the shortage is a myth, a mismatch, or something else entirely and what companies and professionals can do about it. With insights into hiring practices, skill shortages, and the importance of networking, this episode is a must-listen for anyone in or entering the field of cybersecurity. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more! ** Links mentioned on the show ** Follow Katie on LinkedIn and learn more about Avetix Cyber https://www.linkedin.com/in/katie-soper-a95518184/ https://avetixgroup.com/ Listen and Subscribe to the CyberVault Podcast https://open.spotify.com/show/6kugHG5241kYRQ43ogx7Zz https://www.youtube.com/@AvetixGroup ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Cybersecurity Talent Shortage: Myth, Mismatch, or Reality? appeared first on Shared Security Podcast.

In this episode, we explore the Kids Online Safety Act (KOSA), a controversial bill aimed at protecting children online. Joined by co-host Scott Wright, we discuss the potential implications of KOSA, including concerns about censorship, mass surveillance, and the impact on free expression and online privacy. We also touch on the broad support for the bill from both political parties and the involvement of social media giants like X. Additionally, we examine the balance between government regulation and parental responsibility in ensuring online safety for children. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more! ** Links mentioned on the show ** The Kids Online Safety Act Will Make the Internet Worse for Everyone https://www.eff.org/deeplinks/2025/05/kids-online-safety-act-will-make-internet-worse-everyone Republicans are barreling toward remaking the internet https://www.theverge.com/policy/681609/ftc-attention-economy-kids-online-safety-workshop ** Watch this episode on YouTube ** https://youtu.be/NaTq_LmAy3Q ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Kids Online Safety Act (KOSA): Protecting Kids or Censorship? appeared first on Shared Security Podcast.

Join us as we explore the concept of smart cities—municipalities enhanced by connected technology like sensors, cameras, and automated systems to improve services and infrastructure. We discuss the inherent vulnerabilities that come with these advancements, including cybersecurity threats and real-life incidents such as hacked crosswalk signals featuring voices of tech moguls. Our discussion covers how easily these systems can be compromised, the inadequate security measures currently in place, and the broader implications for critical infrastructure. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more! ** Links mentioned on the show ** Redwood City officials confront infrastructure vulnerabilities after crosswalk signal breach targeting tech billionaires goes viral https://www.dailydot.com/viral-politics/redwood-city-crosswalk-hack-targeting-tech-billionaires/ A week of disorder in Cleveland, as City Hall remains closed after ransomware attack https://apnews.com/article/cleveland-ohio-cyberattack-3d662624f66cddc1ae9576cd87669bf2 Mayor of Columbus, Ohio, says ransomware attackers stole corrupted, unusable data https://apnews.com/article/columbus-ohio-cyber-attack-8abc2b87d98d6acff1efbbbee41b817f Cyber incidents continue to impact operations at 4 central and western Maine hospitals https://wgme.com/news/local/cyber-incidents-continue-to-impact-operations-at-four-central-and-western-maine-hospitals Nova Scotia Power CEO, staff grilled by politicians over cybersecurity breach https://globalnews.ca/news/11212530/nova-scotia-power-breach/ ** Watch this episode on YouTube ** https://youtu.be/86iauIyhQ6U ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Cities of the Future or Hacker’s Paradise? The Cybersecurity Risks of Smart Cities appeared first on Shared Security Podcast.