Shared Security Podcast

Tom Eston, Scott Wright, Kevin Tackett
Apr 4, 2022 • 40min

Google Android vs Apple iOS: Which is Better for Privacy and Cybersecurity?

This week we battle it out between the two mobile tech giants, Google Android vs Apple iOS, and discuss which one is better for your privacy and cybersecurity. Topics include: app stores and OS updates, ad tracking, and native text messaging. All this plus how Apple and Facebook fell for a massive email scam. ** Links mentioned on the show ** Apple and Facebook reportedly provided personal user data to hackers posing as law enforcement https://9to5mac.com/2022/03/30/apple-and-facebook-reportedly-provided-personal-user-data-to-hackers-posing-as-law-enforcement/ https://nypost.com/2022/03/30/apple-facebook-fell-for-scam-and-gave-user-data-away-report/ Android vs iOS: Which Platform is More Secure in 2021 https://appinventiv.com/blog/android-vs-ios-which-platform-is-more-secure-in-2021/ Open Source and Privacy Focused Android Operating Systems: GrapheneOS https://grapheneos.org/ CalyxOS https://calyxos.org/ LineageOS https://lineageos.org/ Signal – Secure End-to-End Encrypted Messenger App https://signal.org/#signal ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Keeper Security Sign up for a free trial of Keeper Password Management for your organization today, and get a free 3-year personal plan. Get started by visiting Keepersecurity.com/sharedsecurity SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Google Android vs Apple iOS: Which is Better for Privacy and Cybersecurity? appeared first on Shared Security Podcast.
Mar 28, 2022 • 28min

LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Popular Software Package Updated to Wipe Russian Systems

The LAPSUS$ hacking group has claimed to have hacked both Microsoft and Okta, details about a novel phishing technique called a browser-in-the-browser (BitB) attack, and how a popular software package that has 1.1 million weekly downloads released a new tampered version to condemn Russia’s invasion of Ukraine by wiping arbitrary file contents. ** Links mentioned on the show ** LAPSUS$ Hackers Claim to Have Breached Microsoft and Authentication Firm Okta https://thehackernews.com/2022/03/lapsus-hackers-claim-to-have-breached.html https://blog.cloudflare.com/cloudflare-investigation-of-the-january-2022-okta-compromise/ https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html https://mrd0x.com/browser-in-the-browser-phishing-attack/ Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion https://thehackernews.com/2022/03/popular-npm-package-updated-to-wipe.html ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Keeper Security Sign up for a free trial of Keeper Password Management for your organization today, and get a free 3-year personal plan. Get started by visiting Keepersecurity.com/sharedsecurity SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Mar 21, 2022 • 30min

Top 3 Location Tracking Apps: Do They Sell Your Data?

This week we discuss the top 3 location tracking apps in the Apple App Store and Google Play and which ones sell your data. Plus, details about recent fake Chick-fil-A and Olive Garden vouchers on Facebook. ** Links mentioned on the show ** #1 Phone Tracker by Number https://play.google.com/store/apps/details?id=mg.locations.track5 https://onelocator.com/ – Android https://www.locatorprivacy.com/ – iOS #2 Life360 https://play.google.com/store/apps/details?id=com.life360.android.safetymapd https://support.life360.com/hc/en-us/articles/360043228154 #3 Glympse – Android https://glympse.com/privacy/ https://play.google.com/store/apps/details?id=com.glympse.android.glympse #3 My Family: Find Friends Phone – iOS https://friendzy.tech/myfamilyprivacypolicy/ Scam Alert: Chick-fil-A and Olive Garden Facebook Vouchers https://www.snopes.com/fact-check/olive-garden-chickfila-voucher/ ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Keeper Security Sign up for a free trial of Keeper Password Management for your organization today, and get a free 3-year personal plan. Get started by visiting Keepersecurity.com/sharedsecurity SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Mar 14, 2022 • 28min

Amazon Echos Hack Themselves, Fraud Is Flourishing on Zelle, Samsung Galaxy Source Code Stolen

A new attack uses Alexa’s functionality to force Amazon Echo devices to make self-issued commands, payment app Zelle has become popular with fraudsters and banks don’t seem to care, and details about hackers who have stolen source code for Samsung Galaxy devices. ** Links mentioned on the show ** Preorder Your Professionally Evil Aloha Shirt for Charity! (proceeds go to St. Jude’s Children’s Hospital) https://www.secureideas.com/proevil-hawaiian-shirt Help Support Ukraine with ClearVPN https://macpaw.com/help-ukraine https://macpaw.com/news/macpaw-amidst-aggression Attackers can force Amazon Echos to hack themselves with self-issued commands https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/ https://www.ava-attack.org/ Fraud Is Flourishing on Zelle. The Banks Say It’s Not Their Problem https://www.nytimes.com/2022/03/06/business/payments-fraud-zelle-banks.html https://sharedsecurity.net/2019/11/18/googles-health-record-storage-controversy-us-border-search-ruling-zelle-scams/ Samsung confirms hackers stole Galaxy source code https://www.theverge.com/2022/3/7/22965220/samsung-hack-lapsus-galaxy-source-code-confirmed-nvidia ** Watch this episode on YouTube ** https://youtu.be/MlYw7BBAhhM ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Mar 7, 2022 • 21min

Russia Gets Hacked, Microsoft 365 Credential Stuffing, McDonald’s Ice Cream Machine Hackers

This week we discuss some of the more interesting hacks of Russian assets, technology, and more. Scott discusses recent credential stuffing attacks on Microsoft 365 accounts, and a fascinating story about ice cream machine “hackers” that are suing McDonald’s for $900 million in damages. ** Links mentioned on the show ** Round up of interesting Russian hacking incidents https://www.vice.com/en/article/akvya5/russian-electric-vehicle-chargers-hacked-tell-users-putin-is-a-dickhead https://www.mirror.co.uk/news/world-news/hackers-rename-putins-73million-superyacht-26355609 https://www.thesun.co.uk/tech/17818843/anonymous-russia-space-agency-roscosmos/ Attackers use Microsoft Teams as launchpad for malware https://www.helpnetsecurity.com/2022/02/17/microsoft-teams-malware/ Ice Cream Machine Hackers Sue McDonald’s for $900 Million https://www.wired.com/story/kytch-ice-cream-machine-hackers-sue-mcdonalds-900-million/ The REAL Reason McDonalds Ice Cream Machines Are Always Broken https://www.youtube.com/watch?v=SrDEtSlqJC41 Realtime map of all broken McDonalds Ice Cream Machines https://mcbroken.com/ ** Watch this episode on YouTube ** https://youtu.be/8xFZ9WZoz8k ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Feb 28, 2022 • 26min

TikTok Circumvents Privacy Protections, Russian Sanction Attacks, Apple AirTag Anti-Stalking Measures

How TikTok can circumvent privacy protections and performs device tracking that gives TikTok full access to user data, the US government warns about ransomware attacks after Biden’s new sanctions against Russia, and details about the latest beta for iOS 15.4 which includes new features designed to prevent Apple AirTags from being used to stalk people. ** Links mentioned on the show ** TikTok Can Circumvent Apple and Google Privacy Protections and Access Full User Data, 2 Studies Say (Exclusive) https://www.yahoo.com/entertainment/tiktok-circumvent-apple-google-privacy-140000271.html US officials tell businesses to watch for potential ransomware attacks after Biden announces Russia sanctions https://www.msn.com/en-us/news/world/us-officials-tell-businesses-to-watch-for-potential-ransomware-attacks-after-biden-announces-russia-sanctions/ar-AAUbrCn New AirTags anti-stalking measures appear in iOS 15.4 beta https://www.theverge.com/2022/2/23/22947063/airtags-anti-stalking-ios-15-4-beta-4-privacy-notice ** Watch this episode on YouTube ** https://youtu.be/t3-lTYQwPoc ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Feb 21, 2022 • 27min

MoviePass Tracking Your Eyeballs, Shipment Delivery Scams, SIM Swappers Arrested

MoviePass will use facial recognition and eye tracking to make sure you’re watching ads, new types of shipment-delivery scams are being used to spread malware, and details on the arrests of a SIM swapping gang and how you can protect yourself against a SIM swapping attack. ** Links mentioned on the show ** 4-week SLNT Cybersecurity and Privacy Challenge – Created by Co-Host Tom Eston https://slnt.com/pages/cybersecurity-and-privacy-guide MoviePass 2.0 Wants to Track Your Eyeballs to Make Sure You Watch Ads https://www.vice.com/en/article/akvnba/moviepass-20-wants-to-track-your-eyeballs-to-make-sure-you-watch-ads Facebook asking me to send them a full video of my entire face https://www.reddit.com/r/SharedSecurityShow/comments/sqhgd1/facebook_asking_me_to_send_them_a_full_video_of/ Shipment-Delivery Scams Become the Favored Way to Spread Malware https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/ Ready for more brand impersonations, missed deliveries and document macros? https://clickarmor.ca/2022/02/ready-brand-impersonation-shipping-macros-phishing/ Spanish Police Arrest SIM Swappers Who Stole Money from Victims Bank Accounts https://thehackernews.com/2022/02/spanish-police-arrest-sim-swappers-who.html ** Watch this episode on YouTube ** https://youtu.be/guu_TXMr_Sc ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Feb 14, 2022 • 25min

EARN IT Act is Back, Romance Scams, Like and Subscribe Ransomware

The EARN IT Act is back for a second time which would pave the way for a new massive government surveillance system in the US, romance scams are on the rise so don’t fall for love in all the wrong places, and details about a new ransomware attack that wants you to like and subscribe, or else! ** Links mentioned on the show ** It’s Back: Senators Want EARN IT Bill to Scan All Online Messages https://www.eff.org/deeplinks/2022/02/its-back-senators-want-earn-it-bill-scan-all-online-messages Our previous episode from June 2020 on EARN IT https://sharedsecurity.net/2020/06/30/earn-it-act-facial-recognition-fail-can-i-be-phished/ Don’t Let These Romance Scams Taint Your Valentine’s Day, FBI Warns https://finance.yahoo.com/news/don-t-let-romance-scams-153008730.html https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/romance-scams Trafficked with Mariana van Zeller – Romance Scams https://www.nationalgeographic.com/tv/shows/trafficked-with-mariana-van-zeller/episode-guide/season-02/episode-02-romance-scams/vdka25543244 Ransomware Wants You to Like and Subscribe, Or Else https://www.vice.com/en/article/epx5ne/ransomware-wants-you-to-like-and-subscribe-or-else ** Watch this episode on YouTube ** https://youtu.be/3ByCba13o5o ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Shared Security Merch: https://store.sharedsecurity.net The post EARN IT Act is Back, Romance Scams, Like and Subscribe Ransomware appeared first on Shared Security Podcast.
Feb 7, 2022 • 29min

Graphics Card Web Tracking, Fake Job Ad Scams, Hacker Takes Down North Korea’s Internet

Researchers have discovered a new web tracking technique using your graphics card, scammers are exploiting security weaknesses on job recruitment websites to post fraudulent job postings, and how a hacker single-handedly took down North Korea’s Internet. ** Links mentioned on the show ** Your graphics card could be used to track you across the web regardless of cookie consent https://www.pcgamer.com/drawn-apart-gpu-web-tracking/ FBI warning: Scammers are posting fake job ads on networking sites to steal your money and identity https://www.zdnet.com/article/fbi-warning-scammers-are-posting-fake-job-ads-on-networking-sites-to-steal-your-money-and-identity/ North Korea Hacked Him. So He Took Down Its Internet https://www.wired.com/story/north-korea-hacker-internet-outage/ https://www.nknews.org/2022/02/new-cyberattack-hits-north-korea-after-hacker-claims-responsibility-for-outages/ ** Watch this episode on YouTube ** https://youtu.be/mOtJe4Wo1tM ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Jan 31, 2022 • 37min

Ukraine Invasion Hacktivists, Insta360 ONE X2 Vulnerabilities, Google Location Tracking Lawsuits

Hacktivists have hacked a Belarus rail system in an attempt to stop Russian military buildup, someone disclosed a slew of vulnerabilities in the popular Insta360 ONE X2 camera, and Google gets accused of “deceptive” location tracking in multiple lawsuits. ** Links mentioned on the show ** Hacktivists say they hacked Belarus rail system to stop Russian military buildup https://arstechnica.com/information-technology/2022/01/hactivists-say-they-hacked-belarus-rail-system-to-stop-russian-military-buildup/ Really cool Insta360 One X2 hidden feature! https://www.reddit.com/r/Insta360/comments/scsue6/really_cool_insta360_one_x2_hidden_feature/ https://www.insta360.com/product/insta360-onex2 Google accused of ‘deceptive’ location tracking in fresh round of lawsuits https://www.theguardian.com/technology/2022/jan/24/google-sued-privacy-texas-district-of-columbia ** Watch this episode on YouTube ** https://youtu.be/SDXmcrd6CiE ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
